
Of course, the value of that stolen data increasingly comes into play, and it may be that the auction price exceeds what an organization is prepared to pay. The gangs behind the attacks are well organized and used to the negotiation process, amenable to talking numbers. Ransomware is a business, a dirty, criminal business, but a business nonetheless. Ransom negotiators are now a standard part of ransomware incident response, and the final ransoms paid tend to be a fraction of the original demand. This isn't altogether surprising given that even the big numbers we see reported, such as the $50 million demanded from Quanta and Apple, or the $10 million from Garmin, would not be the amount actually paid if the victim decided to take that option.

While the ransoms themselves vary tremendously, based on the size of the victim organization and the value of the data stolen, Sophos found the average paid to be $170,404. The Sophos research suggests that average ransomware recovery costs are now $1.85 million compared to $761,106 a year ago.

"We've seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking," Chester Wisniewski, principal research scientist at Sophos, said. These attacks now include data exfiltration as the norm, with publication or sale of that data used as leverage. The potential for damage is, therefore, higher from these complex and highly targeted attacks. "Such attacks are harder to recover from," Wisniewski continued, "and we see this reflected in the survey in the doubling of overall remediation costs."

[Chart: Cost of ransomware recovery has doubled across 12 months]
