You Might Have a 50/50 Chance to get Your Data Back if You Pay That Ransom

DooKey

According to a survey sent to 1,200 IT security personnel and decision makers around the world, only about half of those who paid the ransom after being infected by ransomware were able to get their data back. The reasons for this are multiple, but the moral of this story is: back up your data and keep it offline so it isn't compromised. There's no guarantee you're going to get your stuff back even if you pay up. Practice safe internet hygiene, [H] brothers and sisters.

Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications.
 
Is this one of the reasons why the "Cloud" is promoted, as one way to save your files.
 
Is this one of the reasons why the "Cloud" is promoted, as one way to save your files.

Save your files to someone else's computer, yes. Ransomware is very easy to deal with. 1) Don't surf with Windows 2) Back up your files.
 
You'd have 100% chance if you had practiced good data keeping and maintained backups.
 
Is this one of the reasons why the "Cloud" is promoted, as one way to save your files.
It is promoted like that but completely insufficient. A lot of cloud backups will automatically sync your data, replacing your backups with encrypted versions. You may have a better chance of getting it restored to a previous version with the cloud over a local online backup but the only safe backup is an offline one.
 
The place where I work had a ransomware attack because the old IT manager had a workstation set up with direct access via RDP. It encrypted every file share on our local network. Thank the Gods I have a good backup system (Backup Exec) and restored the data within 6 hours. I also had to re-import my two VM DCs as well. We were up and running within a day. It could have been worse....but I live and die by my backups. Hence why we now have everything in the cloud with Office 365 and SharePoint. We also back that information up!!!!
 
The place where I work had a ransomware attack because the old IT manager had a workstation set up with direct access via RDP. It encrypted every file share on our local network. Thank the Gods I have a good backup system (Backup Exec) and restored the data within 6 hours. I also had to re-import my two VM DCs as well. We were up and running within a day. It could have been worse....but I live and die by my backups. Hence why we now have everything in the cloud with Office 365 and SharePoint. We also back that information up!!!!

Backup, Backup, Backup. It should be one of the top priorities. You also need to make sure backups are taken off-site in case of disaster.

I use Microsoft's DPM, because we get it for free as part of our contract with Microsoft. Had Backup Exec years ago, but had too many problems and didn't like the constant expensive upgrade cycle.
Servers are synced to the backup server multiple times per day, and the data is then copied to tape every weekend and taken off-site.

However, if I lost everything, it would take me longer than a day to restore the 50TB of data on my servers :eek:
Need to upgrade to 10GB Ethernet to improve the restore times.
 
"Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications."


I'm confused here. It doesn't say that half of the people got their data back by paying the ransom, just that they used backups or decrypter programs. Only 19% got their data back after paying. Does that insinuate that 38% actually paid the ransom but only 19% got their files back?
 
This is a Windows problem. Can't find a Linux distro that was affected by this, not even on purpose.

 
I don't care what data you lost, bite the bullet and recreate it. Don't pay the ransom. Paying the ransom makes it worse. Ignorance about backups and proper computer use is not a defense. Sorry, it's 2018.
 
Here's a scoop for you "blame Windows" people - PROPER use of Windows and admin privileges works very much like Linux. 1. There is ZERO excuse for end users to be local admins. 2. Admins should NEVER grant admin rights to their main account; they should have a separate admin account with elevated rights. 3. There is NO REASON for people with those admin rights to actually log in to the machine as the admin user - log in with the standard account and Run As the admin account to execute an installer or whatever needs elevated permissions.

And, you'll never fix stupid. I have yet to see any fake email or web site that would actually make me consider clicking and executing the malware. But obviously lots of people do. I've used Windows since Windows 1.0 and have never EVER had a virus or malware on any computer that I controlled access to. And no, that does not mean I've only ever surfed to vanilla web sites. I've always used IE, now I use Edge, probably 75%, with Chrome the other 25%. Yes, I scan my computer with multiple tools in case something slips past one of them. Never found anything.

We've assisted multiple clients with ransomware. All had offline backups, none paid. Most were initially compromised due to weak passwords, like "Password", combined with users having local admin rights. Their rebuilt systems no longer allow such things. But it took months of rebuilding and millions of dollars for them to realize not requiring complex passwords and making people admins were bad ideas.
 
I don't care what data you lost, bite the bullet and recreate it. Don't pay the ransom. Paying the ransom makes it worse. Ignorance about backups and proper computer use is not a defense. Sorry, it's 2018.

Sure I will just go back in time and ask my dead grandmother to celebrate her birthday again. ;)

Yes I agree you should back up things. But realize not everything can be "recreated"
 
Pretty sure I'm not paying to decrypt some porn. Everything important is in Glacier and/or S3. Hell, if I was hit with ransomware, it'd free up a lot of space after that reinstall...
 
Here's a scoop for you "blame Windows" people - PROPER use of Windows and admin privileges

Microsoft dumbed down the default UAC settings back in Windows 7 to appease the anti-Vista whiners, even though that basically defeats the whole point of the privilege escalation system.
 
you "might" ?

no, you "will definitely" have a 50/50 chance.
by definition, you either get your data back, or you don't. That's 50/50.
 
It's called Veeam, people. Get it, use it, live by it. You will never pay a ransom again. And yes, no one should be a local admin, and yes, you should lock apps running from %appdata% etc. via GPO. But still, Veeam rocks; 20 minute incrementals with full failover tested by SureBackup will get you a raise.
 
Sure I will just go back in time and ask my dead grandmother to celebrate her birthday again. ;)

Yes I agree you should back up things. But realize not everything can be "recreated"

And because you were too lazy to back them up, everyone else should have to pay the price when these scams get worse. Got it.
 
So far every customer I have seen who opted to pay the ransom was given the decryption tools.

Before you say "blah blah blah, you suck, you're incompetent, blah blah", often the call about the crypto virus is the first interaction we have had with the customer. Everything prior is out of our hands.

Additionally you would be amazed the number of companies unwilling to spend even $100 on an external hard drive, to backup the data their entire company depends on. Despite multiple warnings and even signing documents acknowledging that they are being insane.
 
How many days of daily backups would be a good number for a business?
I am helping a friend's business and keeping 30 days or so.
 
How many days of daily backups would be a good number for a business?
I am helping a friend's business and keeping 30 days or so.

It depends on the business. 2-5 years on at least 2 different places is a good start for small business practices.
 
How many days of daily backups would be a good number for a business?
I am helping a friend's business and keeping 30 days or so.

Typically however many days it will take the company to notice the issue would be the minimum. 30 days is probably fine. When possible I would like to see 30 days or so of daily and then weekly and monthly for as long as you can maintain. A lot of this would depend on the specific customer and their data concerns.

I saw one company who thought they were safe because they had 1 nightly image backup (due to cheapness and HD space constraints.) Got infected with crypto locker Friday, didn't notice the issue till Monday. Had a great backup of the infected machine in its infected state lol.
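The retention scheme and the Friday/Monday failure from the post above, modelled as an added example (my own code, not anything posted in this thread). It assumes one nightly image per day, a daily/weekly/monthly rotation, and that any copy taken on or after the infection date is tainted.

```python
from datetime import date, timedelta


def _last(n, seq):
    """Newest n items of an ascending list; n == 0 keeps none (seq[-0:] would keep all)."""
    return seq[-n:] if n > 0 else []


def retained(backups, as_of, daily=30, weekly=12, monthly=12):
    """Copies still on hand under a rotation that keeps the last `daily` nightly
    images, the newest copy of each of the last `weekly` ISO weeks and the
    newest copy of each of the last `monthly` calendar months."""
    taken = sorted(d for d in backups if d <= as_of)
    keep = set(_last(daily, taken))
    by_week, by_month = {}, {}
    for d in taken:  # ascending, so the final write per bucket is that bucket's newest copy
        by_week[d.isocalendar()[:2]] = d
        by_month[(d.year, d.month)] = d
    keep.update(_last(weekly, sorted(by_week.values())))
    keep.update(_last(monthly, sorted(by_month.values())))
    return keep


def newest_clean(backups, infected_on, noticed_on, **policy):
    """Newest copy that (a) still exists when the problem is noticed and
    (b) was taken strictly before the infection; None if rotation has
    already overwritten every clean copy."""
    clean = [d for d in retained(backups, noticed_on, **policy) if d < infected_on]
    return max(clean) if clean else None


# Constructed timeline (not from the post): a nightly image every day of Q1 2018.
NIGHTLY = [date(2018, 1, 1) + timedelta(days=i) for i in range(90)]
INFECTED = date(2018, 3, 9)   # Friday
NOTICED = date(2018, 3, 12)   # Monday

if __name__ == "__main__":
    # One nightly image only: the clean copy was overwritten over the weekend.
    print(newest_clean(NIGHTLY, INFECTED, NOTICED, daily=1, weekly=0, monthly=0))
    # 30 daily copies: Thursday's image is still available.
    print(newest_clean(NIGHTLY, INFECTED, NOTICED))
```

Weekly/monthly buckets keep only the newest copy per period, so a short daily window backed by weeklies still leaves a clean copy, just an older one.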
 
The issue everyone misses isn't whether you get your data back, it's whether you're not still infected. If you get your data back, what's to stop the already installed malware from infecting in another avenue?

Paying the ransom is NOT the solution. Advance planning is.
 
The place where I work had a ransomware attack because the old IT manager had a workstation set up with direct access via RDP. It encrypted every file share on our local network. Thank the Gods I have a good backup system (Backup Exec) and restored the data within 6 hours. I also had to re-import my two VM DCs as well. We were up and running within a day. It could have been worse....but I live and die by my backups. Hence why we now have everything in the cloud with Office 365 and SharePoint. We also back that information up!!!!

Oh damn, going through a Windows Server class this semester and I understand losing your domain controllers would have been a clusterfuck!
 
It depends on the business. 2-5 years on at least 2 different places is a good start for small business practices.

Typically however many days it will take the company to notice the issue would be the minimum. 30 days is probably fine. When possible I would like to see 30 days or so of daily and then weekly and monthly for as long as you can maintain. A lot of this would depend on the specific customer and their data concerns.

I saw one company who thought they were safe because they had 1 nightly image backup (due to cheapness and HD space constraints.) Got infected with crypto locker Friday, didn't notice the issue till Monday. Had a great backup of the infected machine in its infected state lol.

Thank you both for your input.
With the hardware setup my friend's small company has, I can only keep about 30 days of local backups.

At my regular work place, our servers and network drives were never infected by ransomware, but some users' laptops were.
They were told tough luck in a nice way.
 
Thank you both for your input.
With the hardware setup my friend's small company has, I can only keep about 30 days of local backups.

At my regular work place, our servers and network drives were never infected by ransomware, but some users' laptops were.
They were told tough luck in a nice way.

Ya, you have to check, but depending on what the business is would determine the minimum time. I have never seen a small business that dealt with money or medical have less than 2 years though. No matter how long you keep backups, you need to ensure that you have two sets, preferably at least one off site.
 