Q4 of 2020 saw a decline in ransomware victims paying to recover their data. This is a result of being able to recover their data from backups, even if hackers threaten to leak the data before encryption. However, Coveware has picked up on a ‘more insidious phenomenon’ in which data is being destroyed during the attack. Companies have found this leaves them no option to recover the stolen data, even if they were to pay the ransom.
Coveware stated: “The uptick in haphazard data destruction has led some victims to suffer significant data loss and extended business interruption as they struggle to rebuild systems from scratch”.
The cause of this is still unknown, as hackers destroying data knowingly would make little sense, as they rely on the data being available to them. How else would they get the victims to pay a ransom? An alternative theory Coveware has come up with is that less-skilled attackers are flooding the ransomware business scene and accidentally deleting the data in the process.