Suspected ransomware attacker Kaseya arrives in Texas for trial


In cybersecurity history, the US Independence Day weekend in 2021 is not remembered for the restful and relaxing summer celebrations you would normally associate with the 4th of July.

Instead, it’s remembered as the weekend of the notorious Kaseya ransomware Attack.

This was ransomware-with-a-difference, and the difference was the ultimate scale of the attack and the size of the side effects.

In a typical attack on Company X, critical files and data on X’s network are encrypted by the cybercriminals, disrupting X’s computer systems – often including laptops, servers and network services – and bringing business operations to a complete halt.

Then comes an extortionate demand for Y dollars in bitcoin, where Y is often in the hundreds of thousands and sometimes in the millions: “Give us the money and we’ll get your data back for you.”

When you pay, all you get is a promise

Of course, the criminals don’t actually do the time-consuming work of recovering the files they just encrypted (and even if they offered to do the hard work for you, you almost certainly wouldn’t let them back into your network anyway want ).

The huge sum you pay doesn’t actually bring your data back – it just offers you a promise to recover it by providing the passwords needed to decrypt your destroyed files.

Therefore the Sophos 2020 State of Ransomware Survey told us that the average cost of recovering from a ransomware attack for companies that had their own backups and didn’t have to pay the crooks extortion money was nearly $750,000…

…while the average cost for those who had no choice but to pay (or perhaps thought paying the crooks would somehow short-circuit the traditional complexity of disaster recovery) is almost exactly double that at just under $1,500,000 were.

You only pay the ransom for them hope recovering data that you would otherwise have lost forever, not actually completing the recovery process.