Attacked by ransomware – should we pay or not pay?

Don't rush into a decision and consider all your options. Paying the ransom should really be the last resort.

Globally, the average weekly number of ransomware attacks has increased 93% over the past 12 months.

Every week, more than 1,200 organisations worldwide fall victim to a ransomware attack, and all enterprises are at risk, said Check Point Research (CPR) in its latest report.

According to research from Cybersecurity Ventures, the damage caused by ransomware is estimated to reach approximately US$20 billion this year, a 57-fold increase from 2015.

By 2031, the cost of ransomware incidents could even surpass the hard-to-believe figure of US$265 billion.

Why is ransomware spiking?

The number of ransomware attacks is growing for a simple reason – hackers are getting paid. The willingness to pay creates a dangerous loop and increases the motivation of attackers.

Additionally, cyber risk insurance is becoming more common, so companies do not hesitate to meet the demands of cybercriminals, further exacerbating the problem.

CPR said the increase in attacks is also related to the availability of threats. Many hacker groups offer ransomware as a service, so anyone can rent this type of threat, including the infrastructure, negotiation with victims and extortion websites where stolen information can be posted.

The ransom is then split between the 'partners'.

If an attack is not caught in time, it is relatively easy to find out that it has happened: organisations will get a message asking for a ransom and won’t be able to access the company’s data.

According to CPR, cybercriminals are constantly refining their techniques to increase the pressure to pay. Originally, ransomware ‘just’ encrypted data and demanded a ransom to unlock it. The attackers soon added a second phase and stole valuable information before encryption, threatening to make it public if the ransom was not paid.

Approximately 40% of all new ransomware families use data theft in some way in addition to encryption. More recently, we have seen a third phase in which the attacked companies’ partners or customers are also contacted for a ransom. This new technique is called triple extortion.

How can companies minimise their exposure to ransomware?

CPR offers the following advice for companies to help minimise the risk of them being the next victim of ransomware:

  • Be extra vigilant on weekends and holidays

Most ransomware attacks over the past year have taken place on weekends or holidays, when organisations are more likely to be slower to respond to a threat.

  • Install updates and patches regularly

WannaCry hit organisations around the world hard in May 2017, infecting over 200,000 computers in three days. Yet a patch for the exploited EternalBlue vulnerability had been available for a month before the attack.

Updates and patches need to be installed immediately and set to install automatically.

  • Install anti-ransomware

Anti-ransomware protection watches for any unusual activity, such as opening and encrypting large numbers of files, and if any suspicious behaviour is detected it can react immediately and prevent massive damage.

  • Education is an essential part of protection

Many cyberattacks start with a targeted email that does not contain malware, but uses social engineering to try to lure the user into clicking on a dangerous link.

User education is therefore one of the most important parts of protection.

  • Ransomware attacks do not start with ransomware, so beware of other malicious code

This includes malware such as Trickbot or Dridex, which infiltrate organisations and set the stage for a subsequent ransomware attack.

  • Backing up and archiving data is essential

If something goes wrong, your data should be easily and quickly recoverable. It is imperative to back up consistently, including automatically on employee devices, and not rely on them to remember to turn on the backup themselves.

  • Limit access to only necessary information and segment access

If you want to minimise the impact of a potentially successful attack, then it is important to ensure that users only have access to the information and resources they absolutely need to do their jobs. Segmentation minimises the risk of ransomware spreading uncontrollably across the network.

Dealing with the aftermath of a ransomware attack on one system can be difficult, but repairing the damage after a network-wide attack is much more challenging.
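The behaviour-based check described under "Install anti-ransomware" above can be sketched as follows. This is an added example, not code from CPR or from any product: the thresholds, process names, paths and file events are constructed assumptions. It flags a process that rewrites many distinct files with high-entropy (ciphertext-like) content inside a short window, and ignores bulk plain-text writes, a single compressed archive, and slow background writers.

```python
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding window
MAX_FILES = 4         # assumed limit of distinct files rewritten per window
ENTROPY_BITS = 7.0    # assumed cut-off; encrypted data is close to 8.0 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the written content (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def detect_mass_encryption(events):
    """Return {process: alert_time} for processes that rewrite more than
    MAX_FILES distinct files with high-entropy content inside the window.

    events: (timestamp_seconds, process, path, written_bytes), sorted by time.
    """
    recent = defaultdict(deque)  # process -> (timestamp, path) of suspect writes
    alerts = {}
    for ts, proc, path, data in events:
        if shannon_entropy(data) < ENTROPY_BITS:
            continue  # ordinary low-entropy write, e.g. text being saved
        window = recent[proc]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # forget writes that fell out of the window
        if proc not in alerts and len({p for _, p in window}) > MAX_FILES:
            alerts[proc] = ts
    return alerts


# Constructed sample data: stand-ins for ciphertext and for ordinary text.
CIPHERTEXT_LIKE = bytes(range(256)) * 16
PLAINTEXT_LIKE = b"quarterly report draft " * 100

SAMPLE_EVENTS = sorted(
    [(i, "editor.exe", f"C:/docs/note{i}.txt", PLAINTEXT_LIKE) for i in range(6)]
    + [(20 + i, "archiver.exe", f"C:/backup/set{i}.zip", CIPHERTEXT_LIKE) for i in range(2)]
    + [(100 + i, "unknown.exe", f"C:/docs/file{i}.docx", CIPHERTEXT_LIKE) for i in range(6)]
    + [(200 + 60 * i, "sync.exe", f"C:/sync/part{i}.bin", CIPHERTEXT_LIKE) for i in range(6)],
    key=lambda e: e[0],
)

if __name__ == "__main__":
    print(detect_mass_encryption(SAMPLE_EVENTS))
```

Entropy alone is not enough, since compressed archives and media files are also high-entropy; the per-process count of distinct files inside the window is what separates the burst from the single archive write in the sample.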

© iTnews Asia