The Core

From what I've read;

>How often do the ransomers actually keep their promise after getting the money?

Usually keep their promise ....because they need the next target to believe that they will honor the deal??


>Are they ever caught and brought through the legal system?

Occasionally. National law enforcement (FBI, etc) partner with the ransomers' host country's law enforcement IF they find them.  I've seen more partial money 'clawbacks' than arrests in the headlines.


>And is there insurance to pay the ransom?

IIRC, my small business policies began to exclude ransom & hacking.  You could buy $$$$pecial riders, of course.

 
>And if they do pay the ransom, doesn't it just make ransomers ransom more?

Yes, I think so. 

Most businesses have backup of their systems. Most companies have never tried to restore a backup and have no idea if it is possible.

Most medium and large businesses have intrusion detection but most of them have no idea what to do when an intrusion is detected.

If you have got one computer which is infected with ransomware you can just restore it from a backup and move on. But if have a system of multiple internal and external services, restoring a backup will remove the ransomware but leave mess of out of sync systems. Think of credit card authorizations that are no longer registered, ERP orders and invoice are not registered correct.

There can be a lot of data missing from the last backup to the time you decide to restore, and it can be a huge task to figure out this mess. Banks have plans for this, but most other companies don’t.

The EU NIS2 directive is requiring companies to make plans for such events but most companies are still haven’t got a clue about what to do.