In an open letter, a group of professors from the field of IT security call on the federal government to implement more measures against encryption software, so-called ransomware [1]. Among other things, the professors criticize the high willingness to pay of companies in Germany when they have fallen victim to such software.
This is confirmed by a current Kaspersky study, according to which 88 percent of the companies that were already the target of a ransomware attack would pay a ransom if they were attacked again [2]. In contrast, for companies that have not yet been hit by a ransomware attack, only 67 percent would be willing to do so in principle – but they would be less inclined to do so immediately. Paying ransom often seems to be viewed by executives as a reliable means of dealing with the problem.
A clear "no" in terms of payment
Kaspersky experts have been investigating ransomware attacks for a long time and also warn against paying cybercriminals, as there is no guarantee that data will actually be completely recovered afterwards. In addition, cybercriminals are encouraged in their actions by payments made.
To support companies in the fight against ransomware, Kaspersky has now published the report "Common TTPs of Modern Ransomware" [3]. The cybersecurity expert aims to acquaint readers with the different phases of ransomware deployment, how cybercriminals use RATs and other tools in the different phases, and what they aim to achieve. The analysis also provides a visual guide to mitigating targeted ransomware attacks, using the most prolific groups as examples, and introduces the reader to Kaspersky's SIGMA detection rules.
Ransomware - more than a serious threat
"Ransomware has become a serious threat to businesses as new patterns regularly emerge and APT groups use it for advanced attacks," said Christian Milde, Managing Director Central Europe at Kaspersky. “Even an accidental infection can become a challenge for a company. Because business continuity is often at stake, executives are forced to make difficult decisions about paying the ransom.
However, we generally recommend not paying cyber criminals, as this does not guarantee that the data will actually be decrypted again; however, a payment encourages them to repeat their course of action. At Kaspersky, we are working with increasing success to help companies avoid such consequences. It is important for companies to follow basic security principles and engage with reliable security solutions to minimize the risk of a ransomware incident. The anti-ransomware tag is a good reminder of these important practices.”
[1] https://background.tagesspiegel.de/newsletter/1u1dL5NatiBsLfPdimB5Iz[2] https://www.kaspersky.de/about/press-releases/2022_ransomware-88-prozent-der-firmen-die-bereits-betroffen-waren-wurden-bei-einem-erneuten-angriff-losegeld-zahlen
[3] https://securelist.com/modern-ransomware-groups-ttps/106824/
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/