Skip to Main Content
Services Talent Knowledge
Site Search
Menu

Blog Post

July 2, 2021

Ransomware: You Don't Always Have to Pay—But What If You Do?

On June 8, 2021, Kevin Szczepanski, co-leader of the Cybersecurity Team, was a panelist for the USLAW webinar “Ransomware: You Don’t Always Have to Pay.” One question the Cybersecurity Team has been asked several times since the webinar is, “If my business is forced to pay a ransom, will the threat actor actually provide a decryption tool?” In other words, how do you know that you will get your data back after paying a ransom?

To answer this question, we spoke with an industry expert, the director of incident response at a leading ransomware forensic firm. As our expert tells us, there are two questions to consider here. The first is: How often does a threat actor provide a decryption tool? The second question is: How much of the business’s data actually “comes back” after employing the tool?

The answers to these questions may surprise you. Actual default—you pay and get nothing in return—is rare; it happens only about 1.5 percent of the time. So far, so good. But the second, more important question is: How well do the threat actors’ decryption tools work? The answer is that it depends on the ransomware used. Decryption tools supplied for some ransomware (Clop, Conti, Darkside, and REvil) have recovery rates of 95 to 99 percent. But tools supplied for other ransomware (Lockbit, Mamba, Phobos, and PYSA) have recovery rates in the 80 to 90 percent range.

What does this tell us? First, the ability to recover data depends in part on the type of ransomware the threat actor uses. Second, even a “successful” recovery could net a loss of up to 20 percent of an organization’s data.

In light of this, we are encouraging our clients to invest in prudent “cyber hygiene,” or a series of physical, electronic, and “human” safeguards designed to limit the risk of loss resulting from a cyber attack.

If you have questions about cyber hygiene, the content of this blog post, or would like the “Ransomware: You Don’t Always Have to Pay” webinar materials, please contact Kevin Szczepanski or Nick DiCesare, co-team leaders of the Cybersecurity Team, at kszczepanski@barlcaydamon.com and ndicesare@barclaydamon.com, respectively, or another member of the firm’s Cybersecurity Team.

Featured Media

Alerts

Bankruptcy Avoidance Actions, Part 2 – Fraudulent Transfers

Alerts

NYS Court of Appeals: CVA Plaintiff Must Prove Notice of Abuse Applying Then-Prevailing Standards in Decades-Old Sexual Abuse Case

Alerts

Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Darnell Williams, Tanisia Bowman, Dominique Tompkins, Kimberly Miller, and Judith Adela Fernandez Martinez—Targeting Businesses in Recent Flurry of Lawsuits

Alerts

Federal Court Voids Regulation Authorizing IRS to Assess ACA Employer Penalties

Alerts

Building Industry Groups and Municipalities Clash With NYSDEC Over Recent Changes to State Wetland Law and New Wetland Regulations

Alerts

Not-for-Profits Face New Threats to Tax-Exempt Status


 

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out