The exact question is "in the last year, has your organization been hit by ransomware?". It reads a little vague to me -- is a visible unsuccessful attack the same as getting "hit by ransomware"?
It might over time. If I were deploying ransomware, the first thing I would do after receiving a ransom payment from a company would be to try them again in a month or two.
I don't have any evidence either way so all I can do is appeal to common sense, but I can't imagine most of the organizations hit by ransomware didn't at least devote some extra amount of attention or resources towards IT security in response. At a bare minimum I'd expect them to at least patch the vulnerability that the ransomware used to infect their systems.
Are there any examples of orgs that have been repeatedly hit by ransomware over and over?
Working backups are not enough to insulate you from this threat. If you allow an attacker to remain within your systems long enough you might find they've encrypted all your backups!
"If a $2m ransomware attack hits your organization every 5 years"
The question is - how do you know that it is going to hit you every 5 years?
This isn't a completely random event. If you build up a reputation of being a soft target, other hackers will try to dip their beaks, too. And there are a lot of them out there.
Paying even one Danegeld attracts more Vikings to your shore.
In a way, your analogy does make sense. But, I would also consider the question "Why haven't we heard of Data Centre Providers being affected by Ransomware" a valid one. And that was my first thought when I saw the question. I am hoping that is what the original question was about.
> What mystifies me about ransomware attacks is how many targets don't notice that vast quantities of data are being systematically exfiltrated.
What is your understanding of ransomware? The point isn't to exfiltrate every byte of data, it's to encrypt it in-place (sabotage, not theft).
Is some data exfiltrated in some cases? Sure. I'd argue those are espionage cases masquerading as ransomware, and your question holds. But by design ransomware is supposed to fly under the radar.
I'd assume that this is a closely guarded secret. A company wouldn't want to encourage targeted ransomware attacks by admitting that (1) their security is bad enough that they were hit by ransomware in the past and (2) they're willing to pay ransom.
Doesn't this just mean that 80% of orgs that were hit with ransomware attacks just didn't bother to fix their infosec, and got hit again because they left the same holes open to be exploited?
Fool me once, shame on you. Fool me twice, shame on me.
> Ransomware is a profit-driven enterprise. If it is made unprofitable, most attacks will quickly stop.
This is conjecture presented as fact.
Here is an alternative conjecture: what if ransomware is mainly a sociopathically-driven enterprise, with a side interest in profit? Or what if a good chunk of it is?
How many ransomware perpetrators have we captured, and subjected to psychological study, to be able to confidently say what ransomware is or is not?
No, the reputation they have to maintain is of following through on their threats, i.e. maintaining their aura of fear. If I KNOW a ransomware attack means an instant loss of data, it takes away the sting - it just becomes the same as if the hard drive containing the data went poof. However, if there is a chance for me to get the data back, you better believe I will try as hard as I can to get the password from the datajackers.