The healthcare field has been greatly attacked by ransomware gangs and victims frequently consider paying the ransom as the best solution to make certain a speedy recovery, however, the payment won’t always stop the extortion. Numerous victims have paid the ransom to acquire the decryption keys or to stop the exposure of stolen files. But the ransomware actors still carried on with the extortion.
The Federal Bureau of Investigation (FBI) advises to never give ransom payment subsequent to a ransomware attack since doing so provides the threat actors with more funds for their attacks, it urges other threat groups to become involved in ransomware, and considering that there is no guarantee that paying a ransom will result in data recovery or avert the misuse of stolen information.
A current survey performed by the cybersecurity agency Venafi helped to assess the magnitude to which additional extortion comes about. The survey has offered a few critical stats about what takes place whenever victims pay or don’t pay the ransom demands. The survey was performed on 1,506 IT security representatives from the United Kingdom, United States, Germany, Benelux, Australia, and France and looked into the fast-growing danger of ransomware attacks.
Venafi mentioned ransomware attacks increased by 93% in the first half of 2021 and by the end of the year ransomware attacks were being carried out around the globe at a rate of one for every 11 seconds. 67% of firms having 500 or higher personnel stated they had suffered a ransomware attack in the past year, and 83% of ransomware attacks had double or triple extortion techniques, where sensitive data are stolen and payment is expected to decrypt files, stop the exposure of information, and stop attacks on clients and suppliers.
As per the survey, 38% of attacks had threats to extort victims’ consumers using stolen records, 35% involved threats to publish stolen information on the dark web, and 32% included threats to tell customers that their information was stolen.
16% of clients who didn’t pay the ransom had their details published on the dark web. 35% of victims mentioned they paid the ransom though still did not recover their records, and 18% of victims stated they had given the ransom to avert the posting of stolen files, nevertheless the data was still posted on the dark web. 8% mentioned they declined to pay the ransom thereafter the attackers threatened to extort their clients.
A lot of ransomware groups currently utilize the ransomware-as-a-service (RaaS) model. Affiliates are hired to perform attacks for a portion of any ransoms they earn. Although the RaaS operators usually have playbooks and offer guidelines for executing attacks, there is minimal enforcement of compliance. Ransomware gangs frequently operate for limited periods and attempt to extort as many funds as possible from victims prior to closing down their operations and rebranding and commencing again. There were additionally situations of ransomware gangs providing stolen data and access to networks to other cybercriminal groups no matter if the ransom is paid out, showing quite evidently that ransomware gangs are not trustworthy. Several ransomware gangs have taken negotiations with victims from their affiliates and have taken out the affiliates and haven’t issued payment, exhibiting there is at the same time no honesty among thieves.
Companies are not prepared to guard against ransomware that exfiltrates data files, and therefore they pay the ransom, nevertheless, this only provokes attackers to desire more. The terrible news is that attackers are carrying on with extortion threats, even after paying the ransom.