The FBI has announced that it now has more than 7,000 decryption keys for the LockBit ransomware. Victims of a LockBit ransomware attack are encouraged to visit the Internet Crime Complaint Center at ic3.gov to obtain a decryption key for free. It could enable those organizations to recover their data, but sadly, it won’t make a dent in the ransomware scourge.
LockBit was once one of the most prolific ransomware operations, linked to about 1,800 successful attacks in the U.S. alone. An international law enforcement operation shut down the gang’s operations and outed its administrator and primary developer. However, other ransomware operations, including Black Basta, Hunters International and Play, have quickly filled the gap. A new trend is the development of ransomware variants targeting Linux operating systems, allowing these gangs to broaden their attacks and disrupt virtualized IT environments.
Ransomware gangs are also targeting specific industry sectors. For example, the Fog ransomware gang used stolen VPN credentials to launch attacks on U.S. education entities.
Data Loss Means Lost Productivity
Data loss is the best-known impact of a ransomware attack. The malware encrypts as much data as it can find, and the attackers demand a ransom in exchange for the decryption key. Even if organizations pay the ransom, there’s little guarantee that their data can be recovered.
Veeam’s 2024 Ransomware Trends Report finds that a ransomware attack affects 41 percent of production data, on average. In other words, the attack will encrypt two out of five documents, mailboxes and other business-critical data. Data stored in the cloud is just as vulnerable as that stored on-premises. Only 57 percent can be recovered, meaning the average organization stands to lose 18 percent of its production data.
That might sound small but consider that almost half of production data is affected for a period of time. According to a new report from Arctic Wolf, 94 percent of organizations that suffer a ransomware attack experienced significant downtime. This includes 40 percent of victims who experienced a complete loss of productivity due to a total work stoppage. In some cases, the cost of lost productivity exceeds the ransom demand, creating a dilemma for decision-makers.
Backup and Careful Recovery Are Key
Ransomware gangs increasingly use multipronged attacks to extort more money from their victims. Many attackers exfiltrate data before encrypting it, then threaten to expose it if the ransom isn’t paid. The FBI warns that paying the ransom provides no guarantee that the attackers will delete it. Organizations should assume that, even if they get their data back, it’s been exposed on the Dark Web. The same or another group of attackers will likely extort them again for the same data in the future.
The only real way to minimize losses from a ransomware attack is to prevent cybercriminals from accessing and modifying data. Data should be backed up frequently using immutable storage techniques. Data should also be encrypted to prevent attackers from reading any information they’re able to exfiltrate.
Organizations should also take care when recovering from an attack. The Veeam study found that 63 percent of organizations are at risk of reintroducing ransomware infections. IT teams are often compelled to skip critical steps such as rescanning data to meet demands to restore operations quickly.
How Verteks Can Help
Verteks offers a suite of managed security solutions to help organizations reduce the risk of a ransomware attack. We also provide robust backup solutions to protect vital systems and data. Contact one of our experts to schedule a confidential consultation.
