Most Businesses That Pay Off After Ransomware Hack Hit With Second Attack: Study

A majority of businesses hit by a ransomware attack that chose to pay to regain access to their systems were attacked again, a study released Wednesday by a cybersecurity company found.

a sign on the side of a building: The Cybereason study found that 80 percent of organizations that chose to pay after a ransomware attack were hit with a second attack.

© Getty Images
The Cybereason study found that 80 percent of organizations that chose to pay after a ransomware attack were hit with a second attack.

The study surveyed nearly 1,300 security professionals around the world and found that 80 percent of businesses that paid after a ransomware attack suffered a second attack. Of those hit a second time, 46 percent believed it came from the same group that did the first attack.

Everything You Need To Know About The JBS Meat Packer Cyberattack



Censuswide, which performed the study on behalf of the international cybersecurity company Cybereason, found that 25 percent of organizations hit by a ransomware attack were forced to close. In addition, 29 percent were forced to eliminate jobs.


Load Error

Cybereason CEO Lior Div warned that paying the ransom for data would not guarantee complete and successful data recovery, nor would it protect an organization from future attacks.

“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” Div said.

For those that paid to restore their systems, 46 percent said they regained access to their data, but some or all of it was corrupted. Another 51 percent said their data recovery was successful, while only 3 percent said they did not regain access to any of their data.

Video: Ransomware hacks pose serious risks to American companies (FOX News)

Ransomware hacks pose serious risks to American companies



The Cybereason study said global ransomware damage losses are projected to reach $20 billion this year. An annual crime report released by the FBI reported an increase of over 225 percent…


Businesses are getting better at security. But they’re still forgetting one big risk

With major cyber attacks on critical infrastructure such as the SolarWinds attack, the Florida’s water treatment facility hack, and the US East Coast’s Colonial Pipeline ransomware crisis, the security of products — and not just information systems — really need to be taken more seriously, argues Chris Wysopal, founder and CTO of code scanning company Veracode.  


© ZDNet

While the CISO protects information in the enterprise, Wysopal is arguing this week at the RSA 2021 conference that products need an equivalent level of attention to enterprise information systems. His call for greater focus on product security comes as supply chain attacks are on the rise and governments across the world attempt to grapple with the problem of products that have been tampered with enter an organization.  


Load Error

“Products are different. Products leave the enterprise. Think of Tesla’s product security. It’s the car. You could think of a medical device company, but even in more information-oriented companies, it’s an app, it’s a standalone website and they’re starting to become outside of the enterprise. They have a life of their own,” Wysopal tells ZDNet. 

Wysopal is notable figure in the cybersecurity scene, and was one of the original vulnerability researchers and one of seven member of the L0pht ‘hacker think tank’ who told the US Senate in 1998 that the group could bring down the internet in 30 minutes.

Wysopal reckons products like these need a C-level exec with a better engineering skillset than a CISO typically has — a role more focused on monitoring networks and systems to keep hackers out. 

“Historically, a CISO has not been required to build in security in to a piece of software or a device,” he says.   

“The traditional CISO doesn’t have that security engineering and product engineering background. They traditionally have grown up through compliance or network security, and they don’t have the understanding of software or code-level vulnerabilities. So you’ll have a lot of times where you have product security not reporting to a CISO, but reporting to the VP of engineering.”

At Veracode, the CISO reports to him as the CTO, while his head of product, which…


Cubed Mobile Lets Businesses Combine Personal Phones and Business Smartphones with Its Super App

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

This unique app enables enterprises to reduce their mobile phone costs by 80-90%, enhancing their data cybersecurity and making their mobile management more efficient.

Cubed Mobile, a global IT services company, introduces an app that turns any mobile device into two – one personal, one enterprise. Recognized by the international research firm Gartner as a “Cool Vendor in Communications Service Provider Business Operations,” the company’s app can be installed on any device. Its app-based system creates complete, secure silos, ensuring protection, communication, and productivity. Not only does it simplify the corporate mobile experience, but it also strengthens a user’s privacy and assists with work-life balance. This solution is the only system of its type globally.

“Cubed Mobile goes beyond enterprise mobile security. It also strengthens security, smooths communication coordination, and eases the management of BYOD with a new approach to the Mobile Device Management (MDM) ecosystem,” the spokesperson of the company said.

“With this solution, businesses can now create workspaces with different settings, apps, and access-rights based on user parameters. Let your admins invite and remove users, edit personal details, settings, and virtual lines, filter lists of associated devices. Anytime, you can remotely backup, restore, and wipe entire workspaces immediately.”

Cubed Mobile eliminates the need for a second mobile device by delivering a fully functional self-contained corporate virtual smartphone, complete with SIM-less phone lines, allow users to communicate via web browser, apps, a self-service homegrown and external application store, environment and app configurations, access control settings, integrated VPN, and a built-in multipurpose UC suite – all controlled remotely in real-time and deployed in a managed workspace.

Cubed Mobile Management Solution also streamlines and automates deployment, provisioning, policy management, app delivery, and updates with built-in enterprise-class security. Cubed Mobile provides a unified corporate communication and mobile device management solution for CSPs, MSPs, VARs, and other resellers to offer their SME and SMB…


The 6 Things Small Businesses Need To Know About Security

May 7 is World Password Day, and it serves as a reminder for many entrepreneurs and small business owners to prioritize—or reprioritize—cybersecurity and other protections.

Entrepreneurs and SMBs can do a lot to build strong shields and mitigate the risk of breaches, in addition to minimizing the damage if a breach occurs. To help your company develop a stronger cybersecurity posture, six security professionals provided some of their most useful advice—and you can bet it’s about more than passwords:

1. You’re not too small to be targeted: Erik Knight, founder and CEO of SimpleWAN

Many entrepreneurs, startup founders, and small business owners might think of themselves as minnows compared to Fortune 500 whales. They assume they’re too small to attract the attention of hackers and cyber attackers. But that’s not how bad actors see it.

“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of WimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”

Knight says small businesses are easier targets because they often fail to perform security audits, put in the resources to protect themselves, or even carry the right insurance coverage. Hackers see small businesses as easy cases to crack.

2. Think of security as a business problem: Vats Srivatsan, president and COO of ColorTokens

Vats Srivatsan, the president and chief operating officer of ColorTokens, warns against thinking of security as a nice-to-have. Security is something that requires 100% investment and effort, not something that can be approached halfway. The truth is that the effects of an attack can be disastrous to any company’s bottom line.

Cybersecurity attacks can result in monetary loss, stolen IP, and downtime. “If a small business were to have a data breach, it could create a lack of trust among customers and employees, causing them to switch to a more prominent brand name they think can do a better job protecting them,” Srivatsan says. A recent survey showed that 37% of small businesses have lost customers and 17% have lost revenue due to…