The Role of Law Enforcement in Remediating Ransomware Attacks

May 20, 2024

In many cases in the past, fear of negative press and customer loss kept victims of ransomware attacks from making the attacks they suffered public. The main reason that trend has changed, and that reporting incidents has become more common, is the efficacy of law enforcement assistance in remediating a ransomware attack. Surveys of available data by Sophos have shone a light on the specific ways in which law enforcement has been of use. The Sophos state of ransomware survey shows that 59% of surveyed organizations were hit with ransomware attacks in the last year (down from 66% in 2022 and 2023), but 97% of afflicted organizations engaged with law enforcement due to the attack, up significantly from previous years. Of those organizations, 61% reported receiving advice on dealing with the attack, 60% got help with investigations the attack, and 40% reported receiving help with attack recovery. When asked about ease of engagement, more than half reported that the process of engaging with law enforcement was at least somewhat easy.

The 3% of respondents who did not report their attack to law enforcement gave a variety of reasons for their decision. The most common reasons given were that they believed it would have a negative effect on their organization, such as fines, charges, or extra work, or that they believed there would be no benefit to reporting the attack to law enforcement. Others reported that they were warned by attackers not to engage with law enforcement, or that they did not think law enforcement would be interested in engaging with them.

Incidentally, a very encouraging sign from this survey is that 98% of respondents who experienced data encryption were able to retrieve their data. 68% of those respondents were able to use backups to restore their data, compared to 56% who paid the ransom to restore their data. 47% of respondents reported using more than one method, including backups, payments, or other means, including working with law enforcement or using public decryption keys.

More from Blackwired

July 9, 2025

Sixfold surge of ClickFix attacks threatens corporate defenses

ClickFix exploits user ignorance by tricking them into running malicious code as fake errors or CAPTCHAs; awareness is key.

Read more
July 2, 2025

SquareX: Browser AI Agents Are The Weakest Link

Browser AI agents pose major security risks, often falling for phishing and OAuth attacks due to lack of built-in safeguards.

Read more
June 25, 2025

US Homeland Security warns of escalating Iranian cyberattack risks

US-Iran conflict escalates; DHS warns of rising cyber, terror threats from Iran, allies, and hacktivists targeting US infrastructure.

Read more

© 2024 Blackwired. All Rights Reserved.