The Role of Law Enforcement in Remediating Ransomware Attacks

May 20, 2024

In many cases in the past, fear of negative press and customer loss kept victims of ransomware attacks from making the attacks they suffered public. The main reason that trend has changed, and that reporting incidents has become more common, is the efficacy of law enforcement assistance in remediating a ransomware attack. Surveys of available data by Sophos have shone a light on the specific ways in which law enforcement has been of use. The Sophos state of ransomware survey shows that 59% of surveyed organizations were hit with ransomware attacks in the last year (down from 66% in 2022 and 2023), but 97% of afflicted organizations engaged with law enforcement due to the attack, up significantly from previous years. Of those organizations, 61% reported receiving advice on dealing with the attack, 60% got help with investigations the attack, and 40% reported receiving help with attack recovery. When asked about ease of engagement, more than half reported that the process of engaging with law enforcement was at least somewhat easy.

The 3% of respondents who did not report their attack to law enforcement gave a variety of reasons for their decision. The most common reasons given were that they believed it would have a negative effect on their organization, such as fines, charges, or extra work, or that they believed there would be no benefit to reporting the attack to law enforcement. Others reported that they were warned by attackers not to engage with law enforcement, or that they did not think law enforcement would be interested in engaging with them.

Incidentally, a very encouraging sign from this survey is that 98% of respondents who experienced data encryption were able to retrieve their data. 68% of those respondents were able to use backups to restore their data, compared to 56% who paid the ransom to restore their data. 47% of respondents reported using more than one method, including backups, payments, or other means, including working with law enforcement or using public decryption keys.

More from Blackwired

October 14, 2024

SOC teams are frustrated with their security tools

SOC teams face noise from security tools, with only 16% of alerts being genuine. AI tools are increasingly adopted to improve efficiency.

Read more
October 7, 2024

NIST proposes barring some of the most nonsensical password rules

NIST recommends longer passwords, no resets, and no special characters. Use random passwords or memorable passphrases stored in a manager.

Read more
September 30, 2024

Don’t panic and other tips for staying safe from scareware

This social engineering tactic convinces users they are compromised, urging them to download malware disguised as antivirus software.

Read more

© 2024 Blackwired. All Rights Reserved.