Paying a ransom does not guarantee decryption of data. Open source reporting indicates several instances where an entity paid the ransom but the keys to decrypt the data were not provided. The ACSC has also seen cases where the ransom was paid, the decryption keys were provided, but the adversary came back a few months later and deployed ransomware again. The likelihood that an Australian organisations will be retargeted increases with every successful ransom payment.
It is generally much easier and safer to restore data from a backup than attempting to decrypt ransomware affected data.
No comments:
Post a Comment