Ransomware is causing many IT managers to spend sleepless nights all over the world. And these attacks are still on the rise, we have seen massive attacks on large companies and important networks, most of which did not hit the headlines.
And while you can take many steps to prevent attacks and limit their impact, there is one question on the minds of CIOs and CFOs more than any other: Should we pay the ransom?
The Basics – What is Ransomware ?
Ransomware is a type of malware or malicious software that encrypts the victim’s data, after which it demands a ransom. Once the ransom is paid, the attacking criminal sends a decryption key to restore the victim’s access to their data. The ransom can range from a few hundred dollars to millions of dollars. Payment is usually requested in a cryptocurrency such as bitcoins.
If you choose to pay, it means that you trust the criminals who have broken into your network and held you hostage to their demands. Without a guarantee that they will do what they promised you and return your data to you, it is wrong to continue to think in this way, after the criminal unlocks your data, you will still face at least three major risks, namely:
- Paying the ransom does not necessarily remove the criminal from your network, nor does it fix the underlying security issue that was exploited to gain access to your network. And no one guarantees that the criminal will not build a secret port in the network to visit you in the future.
- Generating revenue from existing customers is easier than finding new customers. This applies to hackers as well. Even without the secret port, they have succeeded in penetrating your network and know its privacy and details. They may try to attack your company again.
- How are you going to make sure that the now unlocked data hasn’t been accidentally corrupted? There are many things that can be damaged even if the ransomware creator takes the right steps.
The ransom itself is only the initial cost and does not provide you with any progress from where you were at the moment of the hack. Notifications, security training and retooling security platforms to address the root cause will be more costly.
Paying the ransom should be the last option for anyone who has been a victim of cybercrime, and it is only natural for some to choose to pay, because in many cases paying a ransom makes more sense. For example, the city of Atlanta in the US last year spent nearly $17 million recovering from ransomware attacks when the attackers initially demanded a ransom of $52,000.
We must also realize that no two cases are the same. Of course, situations that have widespread societal consequences or potential impact on human safety require the perpetrators of the attack to be paid more than other cases.
Be unattractive targets for them
If you are the victim of a ransomware attack and choose to pay, you will become business partners of these criminals. You do not know their identity, and they are unlikely to be held accountable by the law because they have all the strengths. And if you want to avoid this, here are the basic actions you should take:
- Look at your company with a pirate’s eye
This is the best way to understand the weaknesses in your network and the way your operations work. Prioritize and minimize security vulnerabilities when looking at your company from the attacker’s point of view. Hackers are very motivated by quick and easy material gains, so make yourselves an expensive and hard target for criminals. They are unattractive targets.
- Manage cyber risks like any other risks
Never rely completely on your ability to keep hackers out, even the best structures and networks can be hacked. Develop a ready-made contingency plan that includes all departments concerned with your company such as legal affairs, human resources, finance, information technology, the board of directors and the executive team.
What can be done outside the framework of the company and the institution?
Many of the world’s largest technology companies, including Cisco, have put together a ransomware task force to address the root causes of this problem and have found international cooperation and joint public-private action critical to achieving this. And we have to shift our efforts from focusing on what the ransomware did to the weaknesses that allowed them to do just that. The ultimate goal should be to dismantle and disable ransomware groups and deter others.
What can Cisco do to help companies defend themselves?
Cisco Secure offers a number of security solutions that address security issues based on key trends and that can be modified to meet specific business requirements. These products integrate seamlessly with the Cisco SecureX platform and include Cisco Secure Network Analytics, Cisco Secure Endpoint, Cisco Secure Firewall, Cisco Secure Email and more. Each of these solutions helps secure the points and ports that ransomware attackers might try to exploit.
To learn more about the Critical Threat Protection report, please visit: https://www.cisco.com/c/dam/en/us/products/collateral/security/threats-year-report.pdf