
Investment in cybersecurity reduces ransomware lawsuits • The Register

Written by ga_dahmani

An increased willingness by companies to invest in cybersecurity may finally be starting to make a difference, according to US legal giant BakerHostetler.

While ransomware was involved in 37% of the 1,270 incidents the firm handled in 2021, up 10% from 2020, today’s Data Security Incident Response Report [PDF] suggests that the increasing adoption of mitigation measures such as multi-factor authentication (MFA) and backups is driving down the price of ransoms.

“Of the ransomware matters we helped manage in 2021, the average ransom demand paid was around $511,957, about two-thirds of the average amount paid in 2020,” the report says.

The company noted that the average time between demand and payment had lengthened from five days in 2020 to eight. “This is likely to be a driving factor in the decline in the average ransom demand paid,” according to the report.

“More organizations have invested in improving their data backup capabilities and are able to continue at least partial operations after a ransomware incident, putting them in a better position to negotiate over a longer period of time and reach a higher discount for the ransom demand, if the need to pay arises,” the firm said.

“Furthermore, if a decryption tool is not needed and an organization is only paying to prevent further disclosure of their data, they can often take longer to negotiate the claim, which can lead to a larger discount.”

The numbers are compelling. BakerHostetler said the largest ransom demand made to a customer in 2021 was more than $60 million, up from $65 million a year earlier. But the largest ransom paid was just $5.5 million.

The report also highlighted an average time from demand to payment of 11.1 days: 9.8 days for payments over $1 million, 13 days for payments ranging from $200,000 to $1 million, and 12.2 days from encryption until restoration.

The wider adoption of cybersecurity tools and measures means that companies have also become better able to identify breaches. BakerHostetler adds that the median number of days between intrusion and detection in 2021 was nearly half of what it was in 2020.

“Organizations are detecting intrusions faster and many threat actors are no longer hanging around systems before achieving their goals. Criminals do not want to be detected and expelled, so they are shortening their own dwell times.

“In addition, the notification timeline is trending down in part due to threat actors providing information more quickly about the data they have stolen. This then informs the forensic investigation, which can focus on the systems the data comes from, providing a better and earlier understanding of the data involved, which allows for earlier notification times.”

This also applied to the foiling of fraudulent fund transfers via spoofed email addresses. “Our customers were able to identify fraudulent funds transfer schemes prior to transferring funds more frequently in 2021 than in 2020. In fact, in 2021, 40% of customers identified fraudulent funds transfer schemes prior to any loss of funds, compared with only 30% in 2020.

“This trend is likely the result of increased employee education and training on direct deposit, wire transfer and ACH payment protocols, and on identifying potential fraudulent funds transfer schemes before losses occur.”

However, the law firm noted that while organizations are improving their response to security incidents, this has not protected them from the risk of legal action by clients.

Of the 23 incidents BakerHostetler handled, more than 58 lawsuits were filed. Breaking that down, eight incidents had more than one (but fewer than five) lawsuits filed, four incidents had five or more, and 43 of the lawsuits were against a healthcare organization.

The official advice in the English-speaking world is not to give in to ransomware demands, because paying only confirms the attack method as a viable business model for criminals. However, if the report’s findings are to be believed, investing in security and training is having a similar, albeit subtler, effect.

You can read The Register’s special feature on what to do when attacked by ransomware, including advice on dealing with insurers and the cyber experts you might hire afterwards, here; our special on corporate ransomware-as-a-service gangs here; and our conversation with a former police officer who works as a ransomware negotiator here. ®
