A third of companies paying ransom don’t recover data - report
Veeam's latest research has found that 76% of businesses who are victims of cyberattacks paid the ransom to recover data, but a third of them were still unable to get their information back.
The Veeam 2022 Ransomware Trends Report was conducted by an independent research firm and surveyed 1,000 IT leaders whose organisations had been attacked by ransomware at least once during the past 12 months, making it one of the largest reports of its kind.
The company says the report shows that businesses are losing the battle when it comes to defending against ransomware attacks.
Veeam CTO Danny Allan says organisations across every industry need to make a collaborative effort to refuse to pay the ransom.
"Paying cybercriminals to restore data is not a data protection strategy," he says.
"There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity."
Veeam says it is notable that 19% of organisations did not pay the ransom because they were able to recover their own data.
"One of the hallmarks of a strong modern data protection strategy is a commitment to a clear policy that the organisation will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks," says Allan.
"Despite the pervasive and inevitable threat of ransomware, the narrative that businesses are helpless in the face of it is not an accurate one. Educate employees and ensure they practice impeccable digital hygiene; regularly conduct rigorous tests of your data protection solutions and protocols; and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios."
The report also found that 94% of attackers attempted to destroy backup repositories, and in 72% of cases, this strategy was at least partially successful.
Veeam says removing an organisation's recovery lifeline is a popular attack strategy as it increases the likelihood that victims would have no other choice than to pay the ransom.
The company says the only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework — which 95% of those we surveyed stated they now have. Many organisations reported having some level of immutability or air-gap media in more than one tier of their disk, cloud and tape strategy.
Veeam says it commissioned independent market research company Vanson Bourne to survey 1,000 IT leaders regarding the impact of ransomware within their environments and their IT strategies and data protection initiatives moving forward. Respondents represented organisations of all sizes from 16 countries in APJ, EMEA and the Americas.