The Role of Law Enforcement in Remediating Ransomware Attacks

May 20, 2024

In many cases in the past, fear of negative press and customer loss kept victims of ransomware attacks from making the attacks they suffered public. The main reason that trend has changed, and that reporting incidents has become more common, is the efficacy of law enforcement assistance in remediating a ransomware attack. Surveys of available data by Sophos have shone a light on the specific ways in which law enforcement has been of use. The Sophos state of ransomware survey shows that 59% of surveyed organizations were hit with ransomware attacks in the last year (down from 66% in 2022 and 2023), but 97% of afflicted organizations engaged with law enforcement due to the attack, up significantly from previous years. Of those organizations, 61% reported receiving advice on dealing with the attack, 60% got help with investigations the attack, and 40% reported receiving help with attack recovery. When asked about ease of engagement, more than half reported that the process of engaging with law enforcement was at least somewhat easy.

The 3% of respondents who did not report their attack to law enforcement gave a variety of reasons for their decision. The most common reasons given were that they believed it would have a negative effect on their organization, such as fines, charges, or extra work, or that they believed there would be no benefit to reporting the attack to law enforcement. Others reported that they were warned by attackers not to engage with law enforcement, or that they did not think law enforcement would be interested in engaging with them.

Incidentally, a very encouraging sign from this survey is that 98% of respondents who experienced data encryption were able to retrieve their data. 68% of those respondents were able to use backups to restore their data, compared to 56% who paid the ransom to restore their data. 47% of respondents reported using more than one method, including backups, payments, or other means, including working with law enforcement or using public decryption keys.

More from Blackwired

April 16, 2025

The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders

Precision-validated phishing targets specific emails, blocking others, evading detection and complicating traditional defenses.

Read more
April 9, 2025

Hunters International Dumps Ransomware, Goes Full-on Extortion

Ransomware groups shift to data privacy extortion as law enforcement and reduced profits make double-extortion less viable.

Read more
April 2, 2025

How SSL Misconfigurations Impact Your Attack Surface

SSL misconfigurations increase cyber risks. EASM platforms offer continuous monitoring to detect and address vulnerabilities effectively.

Read more

© 2024 Blackwired. All Rights Reserved.