When To Pay Hackers?
Paying ransomware attackers is always discouraged in the event your organization has been attacked. Even so, 58% of firms worldwide that had been victims of ransomware attacks paid the hackers in order to get their data back, according to a report published earlier in the year. Is there ever a reasonable time to pay hackers?
What Are Ransomware Attacks?
Ransomware is a type of malicious software designed to encrypt a victim’s files, systems and data. Attackers often threaten to publicly release confidential data, or to block the victim’s access to that data or to a computer system. The cybercriminals then demand a ransom in exchange for restoring access to the locked data.
Victims of ransomware attacks are usually notified by a message displayed on a lock screen. Thanks to the advances and tremendous growth in cryptocurrency, attackers usually ask for the ransom to be paid in Bitcoin or another cryptocurrency because of its untraceable nature. Once the requested amount is paid, the victim can expect to receive the decryption key to unlock their data. However, as with any ransom payment, successful decryption is not guaranteed. Sometimes the victim never regains access to the system, or sees their sensitive data exposed to the public anyway.
Is it Ever Reasonable to Pay?
Negotiating with cyber-criminals in this manner is discouraged by governments and industry, but that hasn’t stopped some high-profile firms.
When Colonial Pipeline revealed it had paid a $5 million ransom in bitcoin to DarkSide ransomware hackers, its CEO Joe Blount said the company made the right choice for the nation. At the time the ransom demand was made, Blount said it wasn’t clear how widespread the intrusion was or how long it would take Colonial Pipeline to restore the compromised systems. So Blount decided to pay the ransom, hoping it would speed up the recovery time.
While Colonial Pipeline succeeded in restoring operations, most victims aren’t so lucky. In theory, if an organization pays the ransom, the attackers provide a decryption tool and withdraw the threat to publish stolen data. In practice, payment doesn’t guarantee that all data will be restored. Executives need to carefully consider the realities of ransomware: on average, only 65% of the data is recovered, and only 8% of organizations manage to recover all of it.
Encrypted files are often unrecoverable. Attacker-provided decrypters may crash or fail, and you may need to build a new decryption tool by extracting the keys from the tool the attacker provides.
Recovering data can take several weeks, particularly if a large amount of it has been encrypted.
There is no guarantee that the hackers will delete the stolen data; they could sell or disclose it later if it has value.
In addition to the ransom itself, there are reputational costs. According to AON’s 2019 Global Risk Management Survey, UK businesses rate brand damage and cyber attacks among their top three risks, and the two are closely linked: cyber attacks have enormous potential to damage the reputation of a business. The negative impact can be tangible – a 2019 study reported by Forbes found that a breach can lower a company’s share price by 7%. It can be hard for an organization to regain customers’ trust, particularly if the breach was widespread or caused by basic security errors.
PricewaterhouseCoopers (PwC), an audit and assurance firm that also works in cybersecurity, reported that 69% of consumers surveyed believe the companies they use are vulnerable to being hacked and attacked by cyber criminals. The same survey found that 87% of consumers are willing to walk away and take their business elsewhere if, or when, a data breach occurs. These numbers show that consumers are not only skeptical of the organizations that hold their critical assets, but are willing to leave a company that suffers a data breach. With consumers aware of both, organizations must implement standards that protect their networks from bad actors while also preserving their relationships with customers.
Prevention Better Than the Cure
While an organization cannot fully prevent an attack, there are actions it can take to reduce the risk.
It is critical not only that backups are made, but that they are tested regularly. Assuming the backups work, the cost of recovery will always be less than paying a ransom for an uncertain outcome.
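A backup that has never been restored is an assumption, not a recovery plan. The script below is an added example (not TSFactory’s or this post’s code) of what “testing backups regularly” can mean in practice: it takes a tar.gz archive together with a separately stored SHA-256 manifest, restores the archive into a scratch directory, and reports which files are missing or do not hash as expected. The archive layout, manifest format and the drill at the end are assumptions made for illustration; the drill constructs its own sample files.

```python
"""Restore test for a backup: a backup is proven only when a restored copy
matches what was backed up. Added example, not TSFactory's or the post's
code; the tar.gz + SHA-256 manifest layout and the drill are assumptions."""
import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, archive: Path) -> dict:
    """Archive every file under `source`; return {relative path: sha256}.
    Keep the manifest apart from the archive (ideally offline) so that an
    attacker who reaches the backup share cannot rewrite both."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source).as_posix()
                manifest[rel] = sha256_of(p)
                tar.add(p, arcname=rel)
    return manifest


def verify_backup(archive: Path, manifest: dict) -> dict:
    """Restore to a scratch directory and hash every restored file against
    the manifest. Returns a machine-checkable report so a scheduler can
    alert on ok == False instead of relying on someone reading logs."""
    # The 'data' extraction filter (Python 3.12+, backported to 3.8.17+)
    # refuses absolute paths and '..' members; fall back on older interpreters.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(root, **kwargs)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return {"ok": False, "missing": sorted(manifest), "corrupt": [],
                    "extra": [], "error": f"archive unreadable: {exc}"}
        restored = {p.relative_to(root).as_posix(): sha256_of(p)
                    for p in root.rglob("*") if p.is_file()}
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    corrupt = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"ok": not missing and not corrupt, "missing": missing,
            "corrupt": corrupt, "extra": extra}


def restore_drill() -> dict:
    """Constructed drill: back up a tiny tree, then verify (a) the intact
    archive, (b) a truncated copy of it, and (c) a later backup checked
    against the earlier manifest, which must report a changed file."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "src"
        (src / "finance").mkdir(parents=True)
        (src / "notes.txt").write_text("quarterly notes\n")
        (src / "finance" / "q1.csv").write_text("acct,amount\n1001,42\n")

        good = work / "backup-1.tar.gz"
        manifest = make_backup(src, good)
        healthy = verify_backup(good, manifest)

        cut = work / "backup-1-truncated.tar.gz"
        data = good.read_bytes()
        cut.write_bytes(data[: len(data) // 2])   # simulate a damaged copy
        truncated = verify_backup(cut, manifest)

        (src / "notes.txt").write_text("quarterly notes, revised\n")
        later = work / "backup-2.tar.gz"
        make_backup(src, later)
        stale = verify_backup(later, manifest)   # wrong generation of backup
    return {"healthy": healthy, "truncated": truncated, "stale": stale}


if __name__ == "__main__":
    print(json.dumps(restore_drill(), indent=2))
```

Run on a schedule against a randomly chosen recent backup, the report gives an answer to the only question that matters before a ransom deadline: can we actually restore? The manifest is deliberately kept outside the archive, because ransomware that reaches the backup share can encrypt or replace the archive but cannot make it match a hash list it never saw.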
Cybersecurity insurance is also worth considering. Cyber insurance (also referred to as cyber risk or cyber liability insurance) is a form of cover designed to protect your business from threats of the digital age, such as data breaches or malicious attacks on work computer systems.
A business is responsible for its own cybersecurity, but in the event of a cyber attack, having the right insurance means you aren’t alone. Cyber liability cover provides crucial support to help your business stay afloat. For more details, see Cybersecurity Insurance: All Your Questions Asked.
Ignoring Security Monitoring
User activity monitoring lets you monitor users to verify that their actions follow good security practices. If a malicious outsider gains access to their log-in information, or if an insider chooses to abuse their system access, you will have a record of the suspicious activity.
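A record of activity only helps if someone, or something, looks at it. As an added example (not TSFactory’s or this post’s code), the script below runs two simple detections over user-activity log lines: a burst of file writes, renames or deletes by one account within a short window, which is the footprint of encryption in progress, and an interactive login outside business hours. The log format, field names, thresholds and the sample events are all constructed for illustration, not taken from any real product.

```python
"""Detection over user-activity log lines. Added example (not the post's
or TSFactory's code); the log format, field names, thresholds and the
sample events are all constructed for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

FILE_ACTIONS = {"write", "rename", "delete"}


def parse_line(line: str) -> dict:
    """'2024-03-01T02:14:05Z user=jdoe host=WS-17 action=rename path=...' -> dict"""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def file_change_bursts(events, window=timedelta(seconds=60), threshold=50):
    """Flag a user who makes >= threshold file changes within `window`
    (sliding window per user). Each user is reported once per run."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("action") not in FILE_ACTIONS:
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and ev["user"] not in flagged:
            flagged.add(ev["user"])
            alerts.append({"rule": "file-change-burst", "user": ev["user"],
                           "host": ev.get("host"), "count": len(q),
                           "at": ev["ts"].isoformat()})
    return alerts


def off_hours_logins(events, start_hour=7, end_hour=19):
    """Flag logins outside business hours (hours assumed to be in UTC)."""
    return [{"rule": "off-hours-login", "user": ev["user"], "host": ev.get("host"),
             "at": ev["ts"].isoformat()}
            for ev in events
            if ev.get("action") == "login" and not (start_hour <= ev["ts"].hour < end_hour)]


def run_detections(lines):
    events = [parse_line(line) for line in lines]
    return file_change_bursts(events) + off_hours_logins(events)


def sample_log():
    """Constructed sample: ordinary daytime work by 'asmith', and an account
    'jdoe' that logs in at 02:14 and renames 60 files in about 30 seconds."""
    base = datetime(2024, 3, 1, tzinfo=timezone.utc)
    lines = []
    t = base.replace(hour=9, minute=5)
    lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} user=asmith host=WS-04 action=login")
    for i in range(5):
        t += timedelta(minutes=7)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} user=asmith host=WS-04 "
                     f"action=write path=/share/hr/doc{i}.docx")
    t = base.replace(hour=2, minute=14, second=5)
    lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} user=jdoe host=WS-17 action=login")
    for i in range(60):
        t += timedelta(milliseconds=500)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} user=jdoe host=WS-17 "
                     f"action=rename path=/share/finance/q1_{i}.xlsx")
    return lines


if __name__ == "__main__":
    for alert in run_detections(sample_log()):
        print(alert)
```

The thresholds are the part that needs tuning per environment: a build server or a file-sync client legitimately touches hundreds of files a minute, so in practice the burst rule is scoped to interactive user sessions and to the shares that matter, and the off-hours rule to accounts that normally never log in at night. The point is that the recorded activity feeds a check that fires while encryption is still under way, rather than a transcript read afterwards.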
If your organization is like most others, you don’t have the budget to stand up your own security operations center. That doesn’t remove the need for around-the-clock monitoring and intelligence to help you investigate incidents and minimize attacks.
In the spirit of preserving your data, session recording software offers a way to protect your organization. Visit www.tsfactory.com to learn more about how we can help you prevent insider threats and data theft.