Why Paying Ransomware Won’t Save You


The cybersecurity community was rocked when LockBit's once-powerful leak site suddenly changed, displaying the flags of the nations united against the group. On February 20, 2024, the UK's National Crime Agency and the US Department of Justice, working with law enforcement agencies worldwide, dealt a major blow to LockBit's operations. 

In a decisive move, authorities took control of the infrastructure of one of the world's biggest ransomware groups and arrested members of its affiliate network. 

However, amid the investigation a troubling detail emerged about LockBit's practices, and about ransomware collectives in general: despite promising to delete stolen data once a ransom was paid, the group's seized systems still held data belonging to victims who had complied.  

“Some of the data on LockBit’s systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not guarantee that data will be deleted, despite what the criminals have promised,” reads the NCA's official statement.  

LockBit routinely used double extortion (encrypting systems and exfiltrating data, then threatening to publish it), so this is not surprising. It does, however, underline what victims actually get for their money. 


The statistics paint a grim picture of the ransomware landscape. According to a report by Spin.AI, 36% of companies that paid a ransom were targeted a second time, underlining the persistent threat posed by cybercriminals who know a victim will pay.  

Even for those who comply with ransom demands, the outcome is often far from satisfactory: 41% failed to recover all their data and over 40% had to rebuild their systems from scratch. Additionally, nearly 30% of ransom-paying companies had their data leaked by the criminals anyway, highlighting the treacherous nature of engaging with extortionists. 

Alongside the increasing frequency and severity of ransomware attacks, the financial toll on businesses remains staggering. With an average ransom payment exceeding $800,000, the strain on organizations is immense.  

In the face of such daunting odds, organizations must grapple with ethical and practical dilemmas. Is it worth risking further victimization to regain control of their data? Can they afford to rebuild their systems from scratch, knowing that paying the ransom may not guarantee their safety? 

As we go deeper into the tangled web of ransomware, one burning issue remains: is paying the ransom ever a viable option? The latest LockBit raid, combined with dismal data and tragic victimization stories, pushes us to face the sad reality that there are no easy fixes when it comes to cyber extortion. 

LockBit Ransomware Crackdown: The NCA’s Investigation  

The NCA’s recent investigation into LockBit, one of the most notorious cybercrime groups globally, has yielded valuable insight into how ransomware operations work.  

By infiltrating LockBit’s network and seizing control of its infrastructure, the NCA has dealt a significant blow to the criminal enterprise.  

For four years, LockBit’s ransomware attacks have wreaked havoc on thousands of victims worldwide, resulting in staggering financial losses amounting to billions of pounds, dollars, and euros.  

The group operated a ransomware-as-a-service model: the core team maintained the malware, leak site and payment infrastructure, while affiliates carried out the intrusions in exchange for a share of each ransom.  

Despite victims paying hefty ransoms in cryptocurrency, the investigation has revealed a stark truth: paid ransoms do not guarantee the deletion of stolen data, contrary to the promises made by cybercriminals.  

This finding matters for defenders because it undercuts the main argument for paying: a payment buys neither the deletion of stolen data nor the attacker's silence, so the only durable protection is a defensive posture that does not depend on the criminal keeping a promise.  

As ransomware payments surged to over $1 billion in 2023, surpassing previous records, the NCA’s findings highlight the pressing need for proactive measures to mitigate the impact of cyber extortion on organizations worldwide. 

Why Ransom Payment is Risky 

Paying ransomware demands poses significant risks to organizations, with repercussions ranging from financial losses to reputational damage and ethical dilemmas. One of the foremost concerns is the lack of guarantee for data recovery.  

Despite the hefty sums often demanded, there is no assurance that cybercriminals will provide working decryption keys or restore access to encrypted systems after payment, and decryptors that are delivered are frequently slow or fail on some files. This uncertainty leaves organizations exposed to prolonged downtime and data loss regardless of whether they pay. 

According to the Sophos State of Ransomware report, organizations worldwide that paid a ransom to get their data decrypted roughly doubled their recovery costs (US$750,000 in recovery costs versus US$375,000 for organizations that restored from backups).  

Paying also meant slower recovery: 45% of the organizations that restored from backups were back within a week, compared with 39% of those that paid the ransom. 

Beyond cost, paying a ransom fuels further attacks by emboldening criminals. By demonstrating a willingness to meet their demands, organizations incentivize cybercriminals to continue, perpetuating a cycle of extortion. This not only puts the paying organization at risk of being revisited but also funds operations against other targets, amplifying the overall threat landscape. 

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Chester Wisniewski, field CTO, Sophos. 

Ethical and legal considerations also loom large. Funding criminal enterprises through ransom payments makes organizations complicit in extortion and data theft. Moreover, in jurisdictions where paying is prohibited, or where the recipient turns out to be a sanctioned entity, organizations may face legal repercussions for financing criminal operations. 

Furthermore, the risks extend beyond immediate financial and legal consequences. Paying ransom does not guarantee that the ordeal ends there. Some ransomware gangs may sell stolen data to other malicious actors, leading to the potential for multiple ransom demands or even widespread identity theft.  

Additionally, attackers may return with further extortion, threatening to expose the earlier payment itself unless more money is paid. This not only compounds the financial loss but also tarnishes the organization’s reputation, particularly if the incident becomes public knowledge. 

So, What Can Be Alternatives to Paying Ransom? 

When faced with the daunting prospect of a ransomware attack, organizations must consider alternatives to paying the ransom, safeguarding both their data and integrity. One of the most crucial alternatives is maintaining regular data backups.  

By regularly backing up essential data and systems, organizations can mitigate the impact of ransomware attacks and recover without submitting to extortion. The backups only help, however, if they are kept offline or immutable (ransomware operators routinely seek out and destroy or encrypt reachable backups first) and if restores are rehearsed before they are needed. Additionally, investing in robust cybersecurity measures is paramount.  
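To make the backup point concrete, here is an added example (not from the article or any vendor it cites) of a restore rehearsal with a tamper-evident manifest: the backup is hashed at creation, the hash list is authenticated with an HMAC key that lives away from the backed-up host, and verification runs before anything is trusted. The paths, key and sample files are constructed; a real deployment would store the key and a copy of the manifest somewhere the backup service account cannot write.

```python
"""Restore test for a backup, with a tamper-evident manifest.

Added example, not code from the article or any vendor it mentions. A backup
only counts as an alternative to paying if you can prove, before you need it,
that it restores and has not been rewritten by the intruder. Paths, the key
and the sample files below are constructed for illustration.
"""
import hashlib
import hmac
import io
import json
import os
import tarfile
import tempfile

# Hypothetical key. Keep it off the backed-up host (offline media, HSM, or a
# vault the backup account cannot read); otherwise the attacker simply re-signs.
MANIFEST_KEY = b"example-offline-manifest-key"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def sign_manifest(manifest):
    body = json.dumps(manifest, sort_keys=True).encode()
    return body, hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()


def backup(src, archive_path):
    """Archive src; return (manifest_bytes, tag) to be stored apart from the archive."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src, arcname=".")
    return sign_manifest(build_manifest(src))


def safe_members(tar, dest):
    """Refuse archive entries that would escape dest (path traversal)."""
    dest_real = os.path.realpath(dest)
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(dest, m.name))
        if target != dest_real and not target.startswith(dest_real + os.sep):
            raise ValueError(f"unsafe path in archive: {m.name}")
        yield m


def verify_and_restore(archive_path, manifest_body, tag, dest):
    """Check the manifest HMAC, extract, then hash every restored file.
    Returns (ok, sorted list of paths that failed)."""
    expected = hmac.new(MANIFEST_KEY, manifest_body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, ["<manifest tampered>"]
    manifest = json.loads(manifest_body)
    os.makedirs(dest, exist_ok=True)
    with tarfile.open(archive_path, "r:gz") as tar:
        tar.extractall(dest, members=safe_members(tar, dest))
    restored = build_manifest(dest)
    bad = [p for p in manifest if restored.get(p) != manifest[p]]  # missing or altered
    bad += [p for p in restored if p not in manifest]               # unexpected extras
    return not bad, sorted(bad)


def run_demo():
    """Constructed scenario: clean restore, a rewritten archive, a forged manifest."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "live")
    os.makedirs(os.path.join(src, "docs"))
    with open(os.path.join(src, "docs", "contract.txt"), "w") as f:
        f.write("payment terms: net 30\n")  # constructed sample data
    with open(os.path.join(src, "notes.txt"), "w") as f:
        f.write("quarterly planning\n")
    archive = os.path.join(work, "backup.tgz")
    manifest_body, tag = backup(src, archive)
    # 1. Rehearsed restore of the untouched archive.
    clean_ok, _ = verify_and_restore(archive, manifest_body, tag, os.path.join(work, "r1"))
    # 2. Intruder overwrites the archive on a writable backup share.
    note = b"YOUR FILES ARE ENCRYPTED\n"
    tampered = os.path.join(work, "tampered.tgz")
    with tarfile.open(tampered, "w:gz") as tar:
        info = tarfile.TarInfo("docs/contract.txt")
        info.size = len(note)
        tar.addfile(info, io.BytesIO(note))
    tampered_ok, bad = verify_and_restore(tampered, manifest_body, tag, os.path.join(work, "r2"))
    # 3. Intruder also edits the manifest to match; without the key the HMAC fails.
    forged = json.loads(manifest_body)
    forged["docs/contract.txt"] = hashlib.sha256(note).hexdigest()
    forged_body = json.dumps(forged, sort_keys=True).encode()
    forged_ok, why = verify_and_restore(tampered, forged_body, tag, os.path.join(work, "r3"))
    return {"clean": clean_ok,
            "tampered_archive": (tampered_ok, bad),
            "forged_manifest": (forged_ok, why)}


if __name__ == "__main__":
    print(run_demo())
```

The scenario in `run_demo` is the one a restore drill should exercise: the clean archive verifies, an archive rewritten by the intruder is rejected because two files no longer match the manifest, and a manifest the intruder has edited to match is rejected because the HMAC no longer verifies. The traversal check in `safe_members` matters too, since a backup archive planted by an attacker is itself untrusted input at restore time.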

Implementing multi-layered controls, such as firewalls, endpoint protection, and intrusion detection systems, can help detect and stop ransomware before it inflicts substantial damage; the telltale behaviour is a single process rapidly renaming or rewriting large numbers of files. Moreover, organizations should prioritize cybersecurity awareness training for employees to mitigate the risk of human error and phishing, which alongside exposed remote-access services are common entry points for ransomware. 
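What "detecting ransomware before it inflicts substantial damage" looks like in practice is a behavioural rule over file-activity telemetry. The following is an added example, not from the article or any product it names; the event schema, the thresholds and the sample events are constructed assumptions, and the `.locked` extension and note file name are placeholders rather than indicators of any specific family.

```python
"""Behavioural detection of ransomware-style file activity.

Added example, not from the article: a heuristic an EDR or file-integrity
monitor might apply to file events. The event schema, thresholds and sample
telemetry below are constructed assumptions, not a vendor's format.
"""
import os
from collections import defaultdict, deque

WINDOW_SECONDS = 10     # sliding window per process (assumed tuning value)
RENAME_THRESHOLD = 20   # extension-changing renames in the window (assumed)
NOTE_DIR_THRESHOLD = 3  # same new file name dropped into this many directories (assumed)


def extension_changed(src, dst):
    return os.path.splitext(src)[1].lower() != os.path.splitext(dst)[1].lower()


def detect(events):
    """events: dicts {ts, host, pid, proc, op, path[, new_path]} in time order.
    Two signals: a burst of extension-changing renames by one process, and one
    file name appearing in many directories (ransom-note drop). Returns alerts."""
    alerts = []
    rename_times = defaultdict(deque)   # (host, pid) -> timestamps inside the window
    note_dirs = defaultdict(set)        # (host, pid, basename) -> directories seen
    fired = set()                       # alert once per process / per note name
    for ev in events:
        proc_key = (ev["host"], ev["pid"])
        if ev["op"] == "rename" and extension_changed(ev["path"], ev["new_path"]):
            q = rename_times[proc_key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW_SECONDS:
                q.popleft()             # drop renames older than the window
            if len(q) >= RENAME_THRESHOLD and ("rename",) + proc_key not in fired:
                fired.add(("rename",) + proc_key)
                alerts.append({"type": "mass_rename", "host": ev["host"], "pid": ev["pid"],
                               "proc": ev["proc"], "count": len(q),
                               "new_ext": os.path.splitext(ev["new_path"])[1], "ts": ev["ts"]})
        elif ev["op"] == "create":
            name = os.path.basename(ev["path"]).lower()
            note_key = proc_key + (name,)
            note_dirs[note_key].add(os.path.dirname(ev["path"]))
            if len(note_dirs[note_key]) >= NOTE_DIR_THRESHOLD and ("note",) + note_key not in fired:
                fired.add(("note",) + note_key)
                alerts.append({"type": "note_drop", "host": ev["host"], "pid": ev["pid"],
                               "proc": ev["proc"], "name": name,
                               "dirs": len(note_dirs[note_key]), "ts": ev["ts"]})
    return alerts


def sample_events():
    """Constructed telemetry: a benign build process and a simulated encryptor."""
    evs = []
    # Benign: one extension-changing rename per second (.o.tmp -> .o); the
    # extension changes, but the rate stays well under the threshold.
    for i in range(30):
        evs.append({"ts": 100 + i, "host": "ws01", "pid": 4242, "proc": "cc1", "op": "rename",
                    "path": f"/build/unit{i}.o.tmp", "new_path": f"/build/unit{i}.o"})
    # Malicious: 24 documents renamed to a hypothetical ".locked" extension in
    # about five seconds, then the same note file created in every directory touched.
    dirs = ["/home/alice/docs", "/home/alice/finance", "/srv/share/hr", "/srv/share/legal"]
    t = 200.0
    for i in range(24):
        d = dirs[i % len(dirs)]
        evs.append({"ts": round(t, 1), "host": "ws01", "pid": 5150, "proc": "updater.exe",
                    "op": "rename", "path": f"{d}/file{i}.xlsx",
                    "new_path": f"{d}/file{i}.xlsx.locked"})
        t += 0.2
    for d in dirs:
        evs.append({"ts": round(t, 1), "host": "ws01", "pid": 5150, "proc": "updater.exe",
                    "op": "create", "path": f"{d}/README_DECRYPT.txt"})
        t += 0.1
    return sorted(evs, key=lambda e: e["ts"])


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

On the constructed sample the compiler's renames never trip the rule because they are spread over 30 seconds, while the simulated encryptor raises a `mass_rename` alert on its twentieth rename (about four seconds in, with documents still unencrypted) and a `note_drop` alert when the same note name reaches a third directory. In a real deployment the alert would feed an automated response such as isolating the host or suspending the process; the thresholds need tuning against your own baseline, because backup agents and build tools legitimately rename files in bulk.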

Furthermore, involving law enforcement agencies is essential. Reporting ransomware attacks to authorities not only facilitates the investigation and potential prosecution of cybercriminals but also contributes to collective efforts to combat cybercrime.  

By exploring these alternatives to paying ransom, organizations can bolster their resilience against ransomware attacks and safeguard their data, finances, and reputation in an increasingly hostile digital landscape. 

It is evident that the solution to ransomware extortion is not straightforward. However, by prioritizing resilience over capitulation, organizations can take a stand against cyber threats while safeguarding their integrity.  

It is time to shift the narrative from compliance to defiance, from vulnerability to strength. Together, we can build a future where ransomware loses its grip, and cybersecurity becomes synonymous with empowerment. 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.




