TOP CYBER NEWS

  • HOME
  • ATTACKS
  • MALWARES
  • STRATEGIES
  • THREATS
    • Threat Defense
    • Threats Analysis

Pledges to Not Pay Ransomware Hit Reality

by Top Cyber News / Friday, 21 June 2019 / Published in Attacks


While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.

When a Florida town of 35,000 paid a $600,000 ransom to regain control of its computer systems and critical services — from e-mail access to management of a water-pumping station — critics immediately warned that paying ransomware operators would only lead to more attacks.

Yet businesses and city governments need to stay operational. While risk analysts and security experts continue to recommend that companies keep focused on securing their systems and speeding incident response to minimize the impact of crypto-locking ransomware, they are now also recommending that companies be prepared to capitulate.

In a June 5 report, for example, Forrester Research published a guide to paying ransomware, advising its audience to consider third-party firms that negotiate with cybercriminals to ensure the best outcome.

“Our recommendation is to work with someone who is essentially a specialized breach coach for ransomware,” says Josh Zelonis, senior analyst for cybersecurity and risk at Forrester. Companies need to “go through a staged process to make sure that you are building a rapport with the actor and ensuring that they are able, and willing, to decrypt the data — to essentially deliver a ‘proof of life.'”

The list of municipalities that have been hit with ransomware is growing. Baltimore, Maryland; Atlanta, Georgia; Riviera Beach, Florida; and Albany, New York, have all faced the decision of whether or not to pay. Some, such as Riviera Beach, decided they had no other choice but to meet the ransomers’ demands. Others, such as Atlanta, reportedly refused and faced massive clean-up bills.

The list of companies that have had to deal with crypto-locking ransomware is even longer. Large companies, from Merck to Fedex to Renault, wrote down hundreds of millions of dollars from the WannaCry and NotPetya attacks. Now, clients of some managed service providers are facing ransom demands after attackers gained control of their administrative portals. Paying $17,000 in 2016, Hollywood Presbyterian Medical Center got off fairly lightly. 

“I don’t think you can make a blanket statement of ‘pay the ransom’ or ‘don’t pay the ransom,'” says Adam Kujawa, director of the research labs at security firms Malwarebytes. “If you have failed to segment your data or your network, or failed to check your backups or other measures to get your company back on track quickly, then you will have to deal with the fallout.”

One problem for companies: Ransomware operators have shifted away from blanketing consumers and businesses with opportunistic ransomware attacks and now almost exclusively target business and municipalities. Along with that shift, the cost of ransoms has quickly grown because such organizations can afford to pay. Now, many organizations are faced with seven-digit ransom demands, Zelonis says. “That’s a heck of a payday,” he adds.

The increase in ransom demands is driven by attackers’ targeting and research on victims, he says.

“It is interesting because the other thing we are seeing is that these actors are not just looking at your infrastructure and where your backups are to make sure that you cannot recover from backups,” he says. “A lot of the actors are looking at a company’s annual revenue to figure out what they can afford to pay.”

For companies that want to stick to their pledge to never pay ransomware operators, that intent needs to start before an incident — with preparation. Organizations need to focus on security, incident response, and recovery to minimize the cost of a ransomware attack. Incident response exercises are key, Zelonis says. 

Yet cybercriminals have become more savvy. They will often spend time in a target’s network looking for the most sensitive data and making sure they can compromise the backups, as well, he says.

“The ransomware market from two or three years ago has totally evolved,” Zelonis says. “[Cybercriminals] are understanding where you are backing things up and going after those systems. This is a full-scale breach.”

The Forrester report advises companies to invest in cyber insurance as a way to offset at least some business risk. Organizations should also test their ability to recover from a massive data loss event using their backups.

“A harsh reality is that a majority of organizations aren’t testing their ability to recover a single system from backups, much less validating they have the ability to recover potentially hundreds of systems at the same time,” the report states.

To be most responsive in the case of a ransomware incident, companies need to have a plan for acquiring cryptocurrency or have a fund already in place, as well as have an incident response provider on retainer and select a ransomware specialist, the report stated.

The focus for companies is to stay in business, so even for companies that could recover all of their data, it is often easier — and cheaper — to just work with the attacker to restore the data.

“If you are losing data, that will cost you more to recover or to deal with the fallout of losing it, and you are dealing with the cybercriminal and they are willing to negotiate, then you are in a situation where paying might not be the worst idea in the world,” Malwarebytes’ Kujawa says. “It’s not what we like to do, but at the end of the day, a business needs to stay in operation.”

Related Content

 

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio

More Insights



Post Views: 157
Tagged under: Hit, Pay, Pledges, Ransomware, Reality

What you can read next

For Real Security, Don’t Let Failure Be Your …
Attackers Used Red-Team, Pen-Testing Tools to Hack …
SCOTUS Says Suit Over Fiat-Chrysler Hack Can Move …

4 Comments to “ Pledges to Not Pay Ransomware Hit Reality”

  1. Emily Simpson says :Reply
    September 5, 2019 at 11:24 PM

    Thanks for some other fantastic post. Where else may anybody get that kind of info in such a perfect means of writing? I’ve a presentation next week, and I’m at the look for such info.

  2. Fiona Duncan says :Reply
    September 11, 2019 at 2:26 PM

    Thank you for the good writeup. It actually was once a amusement account it. Look complicated to more added agreeable from you! By the way, how can we keep in touch?

  3. Nathan Mathis says :Reply
    September 12, 2019 at 9:31 PM

    Its such as you learn my thoughts! You appear to grasp so much approximately this, like you wrote the e-book in it or something. I feel that you can do with a few to drive the message house a bit, but instead of that, this is wonderful blog. A fantastic read. I will definitely be back.

  4. Stevunsush says :Reply
    November 22, 2019 at 9:23 AM

    Viagra Se Vende Libre online cialis Erection Remedies Canadian Drugs Cialis Amoxicillin Life Cycle

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Only 53% of Security Pros Have Ownership of …

    Most practitioners report an increase in identi...
  • Deliver a Deadly Counterpunch to Ransomware …

    You can’t prevent all ransomware attacks....
  • Microsoft ‘Campaign Views’ Offers Full Look at …

    Campaign views, arriving in public preview, aim...
  • Maersk CISO Says NotPeyta Devastated Several Unnamed US firms

    At least two companies may have been dealt even...
  • Two Bayrob Cybercrime Members Sentenced to 20 and …

    The Romanian nationals stole some $4 million in...

Flights & Hotel Finder

Archives

  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • July 2014
  • June 2014
  • May 2014
  • July 2013
  • January 2013
  • May 2011

Categories

  • Attacks
  • Cyber Security
  • Malware
  • RESOURCES
  • Strategies
  • Threat Defense
  • Threats
  • Threats Analysis

Mission

We aim to provide you the most recent updates and news on cyber matters in this digital world.

Reach us via: [email protected]

© 2018. All rights reserved by Top Cyber News.
Creative Commons License

TOP