attacco ransomware Piergiorgio Venuti

Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.

Estimated reading time: 5 minutes

The devastating impact of ransomware on businesses

Ransomware has become one of the most damaging cyber threats to businesses in recent years. Cyber criminals target company networks, encrypt important files, and demand a ransom to provide the decryption key. The dilemma of whether or not to pay the ransom is something every affected company has to face.

According to the 2021 Clusit report, ransomware attacks in Italy grew 105% compared to 2020, confirming themselves as the leading type of malware. The consequences of these attacks can be devastating, with systems locked, operations interrupted, and data encrypted. 66% of affected companies declared the impact ranged from moderate to catastrophic.

Recovery times after a ransomware attack are long: 48% of companies took at least 3 days to return to normal, but in some cases the disruptions continued for weeks. This causes significant productivity losses and missed earnings.

Why companies choose to pay the ransom

Despite the risks, about 30% of affected companies opt to pay the ransom. The motivations are:

  • Quickly obtaining the keys to resume operations as soon as possible
  • Avoiding immediate reputational impact by promptly paying the demand
  • Lack of reliable backups to restore systems
  • Presence of insurance policies covering the ransom
  • Perception that it is the only way to regain access to data

Often companies are not aware of the risks associated with payment, namely:

  • Having no guarantee of obtaining decryption keys
  • Financing further attacks thus incentivizing criminals
  • Incurring other costs and impacts post-payment

Cost/benefit analysis: is it worth paying the ransom?

ransomware attack

Before making a decision it is important to thoroughly evaluate the costs and benefits of paying the ransom:

Potential benefits:

  • Speed of system recovery and business continuity
  • Lesser immediate reputational impact

Potential risks and costs:

  • No guarantee of obtaining working keys
  • Financing organized crime
  • Violation of international sanctions
  • Post-attack costs: forensic analysis, system restoration, communications
  • Legal impacts and regulatory compliance
  • Long-term reputational damages

Most analysts agree that the potential damages outweigh the actual benefits. Companies should invest more in ransomware prevention.

Increasing trend despite the risks

Despite these assessments, ransomware ransom payments are on the rise. In 2021 attackers globally earned about $603 million, of which $350 million in the United States alone.

This shows that a certain percentage of companies still prefer to pay, driven by the need to quickly restore operations. But experts agree that this strategy only risks further fueling the ransomware threat.

How widespread is ransom payment by geographic area?

The propensity of companies to pay ransom can vary significantly by geographic region:

  • North America: about 33%
  • United Kingdom: 46%
  • Germany: 15%
  • Nordic countries: 10%
  • Australia: 42%
  • India: 28%
  • Singapore: 19%
  • Brazil: 35%
  • Chile: 13%
  • Argentina: 19%

In some countries the authorities strongly discourage and deter any payment, influencing the choices of affected companies. Also the overall cyber maturity of a country can affect it.

Ransomware-as-a-Service: a growing criminal business

Much of the growth in ransomware attacks is due to the spread of Ransomware-as-a-Service (RaaS) models. Criminal groups develop and manage the malware and infrastructure, then rent access to affiliates for a percentage of the attacks’ proceeds.

RaaS has made ransomware attacks within reach of even less skilled criminals. This has led to a proliferation of the threat. Dismantling this model requires an international commitment by law enforcement and governments.

The importance of investing more in prevention

The best strategy for addressing the growing ransomware threat is to invest more heavily in prevention, detection, and incident response. Companies should:

  • Implement strong multi-layered security defenses
  • Perform regular complete backups and test their restoration
  • Adequately train staff on cybersecurity
  • Have tested incident response plans in place
  • Always keep entire software fleet updated
  • Closely monitor network for suspicious activity

Cyber insurance and actively collaborating with law enforcement in case of an attack are also advisable.

Government support against attacks

Government authorities and law enforcement are trying to counter the ransomware threat with initiatives on multiple fronts:

  • Awareness campaigns towards citizens and companies
  • Platforms for sharing threat intelligence
  • Specialized units dedicated to fighting cybercrime
  • International cooperation for joint investigations and operations
  • Sanctions against organizations and states supporting ransomware
  • Discouraging or banning ransom payments

However, efforts need to be intensified, given the global scale the phenomenon has taken on and the vast resources available to the attackers.

Conclusions: better prevent than pay

In summary, the best strategy for dealing with ransomware remains heavily investing in prevention, rather than indulging attacker demands by paying ransoms. A culture of cybersecurity, robust technological defenses, and active collaboration with authorities are the most effective tools to counter this evolving threat.

SOD (Secure Online Desktop) can provide various useful services to prevent the problem of ransomware attacks:

  • Backup and disaster recovery: SOD can offer managed data backup services, both on-premise and cloud-based, to guarantee system restoration in case of a ransomware attack.
  • Virtualized servers: The use of virtualized servers hosted by SOD makes it harder for ransomware to encrypt data, thanks to isolation between virtual machines.
  • Threat monitoring and detection: SOD can monitor client company networks and detect suspicious activity to identify potential ongoing ransomware attacks.
  • Sandboxing: Suspicious files can be analyzed in an isolated environment to detect ransomware payloads before they reach production systems.
  • Security awareness training: SOD can provide cybersecurity training courses to make employees more aware of ransomware risks.
  • Vulnerability assessment: Penetration testing and vulnerability assessment to identify and correct vulnerabilities in systems exploited by ransomware.
  • Advanced endpoint protection: Endpoint detection and response solutions suitable for preventing and detecting ransomware attacks on company computers and devices.

By collaborating with SOD, companies can improve their defenses against the growing ransomware threat.

Contattaci

Useful links:

Share


RSS

RSS feed

More Articles…

Categories …

Tags

Acronis Cloud Backup BaaS Backup cloud cloud computing Cloud Conference cloud provider reggio emilia cloud server cloud services CTI cyber security cyber security cyber threat Cyber Threat Hunter Data Exfiltration GDPR Machine Learning Monitoraggio infrastruttura ICT Next Generation SIEM nextgen siem online hosting owncloud owncloud pentest Phishing Plesk Ransomware Ransomware security server virtuale sicurezza siem Smart Working SOAR SOCaaS Threat intelligence UEBA VDS Virtual Machine vps vulnerability assessment web hosting webinar Zabbix Zabbix as a Service

RSS Unknown Feed

RSS Full Disclosure

  • MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client February 21, 2025
    Posted by Qualys Security Advisory via Fulldisclosure on Feb 20Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client CVE-2025-26466: DoS attack against OpenSSH's client and server ======================================================================== Contents ======================================================================== Summary Background Experiments Results MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client DoS...
  • Self Stored XSS - acp2sev7.2.2 February 21, 2025
    Posted by Andrey Stoykov on Feb 20# Exploit Title: Self Stored XSS - acp2sev7.2.2 # Date: 02/2025 # Exploit Author: Andrey Stoykov # Version: 7.2.2 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.html Self Stored XSS #1: Steps to Reproduce: 1. Visit "http://192.168.58.168/acp2se/mul/muladmin.php" and login with "admin" / "adminpass" 2. In the field "Put the […]
  • Python's official documentation contains textbook example of insecure code (XSS) February 21, 2025
    Posted by Georgi Guninski on Feb 20Python's official documentation contains textbook example of insecure code (XSS) Date: 2025-02-18 Author: Georgi Guninski === form = cgi.FieldStorage() if "name" not in form or "addr" not in form: print("Error") print("Please fill in the name and addr fields.") return print("name:", form["name"].value) print("addr:",...
  • Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default February 18, 2025
    Posted by Gynvael Coldwind on Feb 17Hi, This isn't really a problem a vendor can solve in firmware (apart from offering configuration via cloud, which has its own issues). Even if they would enable TLS/SSL by default, it would just give one a false sense of security, since: - the certificates would be invalid (public […]
  • Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. February 16, 2025
    Posted by upper.underflow via Fulldisclosure on Feb 16Hello, About an hour ago, a group appearing to be named WyRCV2 posted a note on the nostr social network, which can be found at the following link: https://primal.net/e/note1vzh0mj9rcxax9cgcdapupyxeehjprd68gd9kk9wrv939m8knulrs4780x7 Save, share, use. The paste link includes a list of nodes that the attacker has instructed to target, along […]
  • Netgear Router Administrative Web Interface Lacks Transport Encryption By Default February 16, 2025
    Posted by Ryan Delaney via Fulldisclosure on Feb 16
  • [CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript February 16, 2025
    Posted by Gabriel Valachi via Fulldisclosure on Feb 15In GZDoom 4.13.1 and below, there is a vulnerability involving array sizes in ZScript, the game engine&apos;s primary scripting language. It is possible to dynamically allocate an array of 1073741823 dwords, permitting access to the rest of the heap from the start of the array and causing […]
  • Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) February 16, 2025
    Posted by David Fifield on Feb 15Today at about 2025-02-13 19:00 I noticed the "≠" is back, but now the type 0x12 payload of the ?q query parameter gets formatted into the string representation of an IP address, rather than being copied almost verbatim into the page. If the payload length is 4 bytes, it […]
  • SEC Consult SA-20250211-0 :: Multiple vulnerabilities in Wattsense Bridge February 13, 2025
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 12SEC Consult Vulnerability Lab Security Advisory < 20250211-0 > ======================================================================= title: Multiple vulnerabilities product: Wattsense - Wattsense Bridge vulnerable version: Wattsense Bridge * Hardware Revision: WSG-EU-SC-14-00, 20230801 * Firmware Revision: Wattsense (Wattsense minimal)...
  • APPLE-SA-02-10-2025-2 iPadOS 17.7.5 February 11, 2025
    Posted by Apple Product Security via Fulldisclosure on Feb 10APPLE-SA-02-10-2025-2 iPadOS 17.7.5 iPadOS 17.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122173. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, […]

Customers

Newsletter

{subscription_form_1}
Products and Solutions
Partners
Cloud Models
News
Google Reviews
Secure Online Desktop s.r.l.
4.9
Based on 37 reviews
powered by Google
review us on
Omid Fazeli
06:59 20 Apr 18
They have a lot of solutions for any kind of business. Lower prices than many others. The support service is always active and efficient.
See All Reviews
js_loader
Facebook
Secure Online Desktop s.r.l.
Secure Online Desktop s.r.l.
5.0
Based on 12 reviews
powered by Facebook
review us on
Paolo Raimondi
Paolo Raimondi
11:06 21 Apr 18
La Polimatica Progetti Srl, azienda di... cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR).read more
Ilaria Miglietta
Ilaria Miglietta
04:16 21 Apr 18
Servizi affidabili e di semplice... utilizzo. I loro tecnici molto attenti alle esigenze del cliente, continuate cosìread more
Francesca Marastoni
Francesca Marastoni
11:41 20 Apr 18
Excellent service company with... wonderful stuff. Highly recommended.

Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Alessio Liga
Alessio Liga
08:25 20 Apr 18
Servizi di alto livello, competenti e... disponibili a accettare nuove sfide per sviluppare business
Ottimo supportoread more
Matteo Revelli
Matteo Revelli
22:39 19 Apr 18
Ottima azienda, offre servizi di alta... qualità con personale competente e disponibile.read more
Lorenzo Munari
Lorenzo Munari
16:25 19 Apr 18
Azienda molto seria e... affidabile.

E' un piacere poter collaborare con realtà di questo tiporead more
Francisco Amadi
Francisco Amadi
10:41 19 Apr 18
Ho avuto il piacere di collaborare con... loro e spero vivamente che succeda di nuovo. Competenti, professionali, precisi e cordiali!read more
Davide Michelotto
Davide Michelotto
07:42 19 Apr 18
Ottimo servizio, seri professionisti al... timone della società e celerità nei tempi di risposta, oltre ogni aspettativa.read more
Gabriele Petralia
Gabriele Petralia
12:28 18 Apr 18
Luca Prati
Luca Prati
10:12 18 Apr 18
Azienda eccellente, consulenza... customizzata e puntuale.
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
Valerio Lezza
Valerio Lezza
21:35 17 Apr 18
Daniela Cospito Di Leo
Daniela Cospito Di Leo
21:20 17 Apr 18
More Reviews
js_loader
payments gateway
About