As Apple gets caught up in a $50 million ransomware extortion by a significant cybercriminal gang, new research reveals just how unlikely it is that organizations will get all their data back if they pay up.
On April 23, it was reported that the notorious cybercriminal gang behind the REvil ransomware operation had attempted to get Apple to pay the ransom for another business that it had targeted.
That business, REvil said, was Apple original design manufacturer Quanta Computer, and the gang said it had stolen the schematics for a number of new Apple products. Several blueprints were published to the REvil dark web site, including one that 9to5Mac determined was related to the 2021 MacBook Pro.
The story has progressed since then, with Bleeping Computer reporting that REvil had now deleted those Apple blueprints from the dark web ransomware leak site. A private chat channel created by REvil and Quanta, the reporter said, included a promise by the gang to stop talking to reporters so that negotiations could take place.
The ransom, it was also noted, had dropped from $50 million to $20 million if paid by May 7.
That said, even if a payment was forthcoming, new research reveals the shocking reality of ransomware today: 92% of organizations don’t get all their data back.
Paying a ransom doesn’t guarantee data recovery
According to the Sophos State of Ransomware 2021 report, the number of organizations deciding to pay a ransom has risen to 32% in 2021 compared to 26% last year. Here’s the thing, though: that same global survey discovered that only 8% of them got all their data back despite doing so. Nearly a third, 29%, couldn’t recover more than half the encrypted data.
Even what appears to be some good news in the report, that the number of organizations whose data was encrypted by ransomware dropped from 73% in 2020 to 54% in 2021, is tempered by the new reality of ransom attack behavior.
“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking,” Chester Wisniewski, principal research scientist at Sophos, said.
The potential for damage is, therefore, higher from these complex and highly targeted attacks, which include data exfiltration as the norm and publication or sale of that data as leverage.
“Such attacks are harder to recover from,” Wisniewski continued, “and we see this reflected in the survey in the doubling of overall remediation costs.”