Don’t Wanna Pay Ransom Gangs? Test Your Backups
Rather, it's about why victims still pay for a key needed to decrypt their systems even when they have the means to restore everything from backups on their own. Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take. "In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it's going to take," said Fabian Wosar, chief technology officer at Emsisoft. Wosar said the next most-common scenario involves victims that have off-site, encrypted backups of their data but discover that the digital key needed to decrypt their backups was stored on the same local file-sharing network that got encrypted by the ransomware. The third most-common impediment to victim organizations being able to rely on their backups is that the ransomware purveyors manage to corrupt the backups as well. Bill Siegel, CEO and co-founder of Coveware, a company that negotiates ransomware payments for victims, said most companies that pay either don't have properly configured backups, or they haven't tested their resiliency or the ability to recover their backups against the ransomware scenario. Wosar said all organizations need to both test their backups and develop a plan for prioritizing the restoration of critical systems needed to rebuild their network.