1 in 3 firms that paid ransom failed to recover stolen data

Businesses are losing the battle when it comes to defending against ransomware attacks, with 72% of organisations having had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom, according to Veeam Software.

Veeam’s 2022 Ransomware Trends Report found that 80% of successful attacks targeted known vulnerabilities — reinforcing the importance of patching and upgrading software. 

Almost all attackers attempted to destroy backup repositories to disable the victim’s ability to recover without paying the ransom.

Commissioned by Veeam, Vanson Bourne surveyed 1,000 IT leaders whose organisations had been successfully attacked by ransomware at least once during the past 12 months.

“Ransomware has democratised data theft and requires a collaborative doubling down from organisations across every industry to maximise their ability to remediate and recover without paying the ransom,” said Danny Allan, CTO at Veeam. 

“Paying cybercriminals to restore data is not a data protection strategy,” said Allan. “There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity.”

Among respondents, 76% of cyber-victims paid the ransom to end an attack and recover data. Yet, while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data — resulting in a one out of three chance that paying the ransom still leads to no data. 

Notably, 19% of organisations did not pay the ransom because they were able to recover their own data.

“One of the hallmarks of a strong Modern Data Protection strategy is a commitment to a clear policy that the organisation will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks,” added Allan. 

Veeam recommends that firms educate employees and ensure they practice impeccable digital hygiene; regularly conduct rigorous tests of data protection solutions and protocols; and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios.

Cyber-villains most often first gained access to production environments through errant users clicking malicious links, visiting unsecure websites or engaging with phishing emails — again exposing the avoidable nature of many incidents. 

Respondents confirmed that 94% of attackers attempted to destroy backup repositories and in 72% of cases this strategy was at least partially successful. 

According to Veeam, the only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework — which 95% of those surveyed stated they now have.