Ransomware actors aim to spend the shortest amount of time possible inside your systems, and that means the encryption they employ is shoddy and often corrupts your data. That in turn means restoration after paying ransoms is often a more expensive chore than just deciding not to pay and working from our own backups.
That’s the opinion of Richard Addiscott, a senior director analyst at Gartner.
“They encrypt at excessive speed,” he told the firm’s IT Infrastructure, Operations & Cloud Strategies Conference 2023 in Sydney on Monday. “They encrypt faster than you can run a directory listing.”
Ransomware operators therefore encrypt badly and lose some of the data they then try to sell you back.
Restoring from corrupt data dumps delivered by crooks is not easy, Addiscott advised – and that’s if ransomware operators deliver all the data they promise. Plenty don’t – instead they use a ransom payment to open a new round of negotiations about the price of further releases.