Ransomware Demands and Business Payouts on the Rise
Ransomware targeted at the business sector has recently become the preferred income method of many hackers, in part because it can provide huge returns when enterprise victims are willing to pay up. For these more advanced renditions of ransomware, individuals are no longer the main target, since individuals don’t provide the financial windfall hackers are hunting for.
With potentially unlimited resources at stake, ransomware attacks have begun to focus exclusively on businesses, often with great success. As ransomware variants become increasingly easy for hackers and other cybercriminals to obtain, industry experts expect the problem will only get worse for businesses of all sizes and across industries.
Paying the Ransom Only Makes Matters Worse — and Sometimes Isn’t Even Successful at Restoring Data
Three of the most recent highly publicized ransomware attacks involved the University of Calgary, a school system in South Carolina and Hollywood Presbyterian Hospital. In each case, the organizations were not prepared to respond to or recover effectively from the attacks, and business management felt compelled to pay the ransom as their only option to protect their users and recover valuable sensitive information.
Paying the ransom is harmful in more ways than one:
- Paying the ransom funds the cybercriminal. When a ransom is paid, the hacker has won the battle, and now they have the funding, experience and confidence to move on to their next vulnerable target.
- Big ransom payouts motivate the attackers. When word of a successful ransom spreads in the media and in various online forums on the dark web, cybercriminals get even more motivated to continue their attacks and work to develop more efficient, lucrative ways of successfully targeting larger, wealthier victims.
Additionally, paying the ransom is never a guarantee. After all, these are cybercriminals we are talking about, not legitimate businesses that care about contractual obligations and the rules and regulations of cyberspace. Sometimes, a paid ransom merely results in a bolder attacker who decides they want even more money for the same data they were just compensated for. Take Kansas Heart Health Hospital, for instance. In May 2016, the hospital paid a ransom as a last resort to unlock sensitive patient files and data, and then the attackers demanded more money.
Dealing with and compensating criminals is a terrible response to cybercrime. Effective IT incident response management and data disaster solutions provide a much better, more reliable alternative, and unlike a ransomware payout, incident response planning won’t break your budget.
With the Right Incident Response Planning, Paying the Ransom Is Never the Only Option
Many businesses do not have the internal IT capabilities to respond to and recover effectively from a ransomware attack or to reduce the chances of one happening in the first place. In cases where businesses and IT teams are underprepared, paying an exorbitant ransom for the return of valuable and sensitive company files and folders may seem the only option. With the right disaster planning and incident response preparations in place, paying the ransom should never be the easiest — or the only — path to recovery.
Community responders have come together during this most recent ransomware crisis to assist unprepared victims in recovering their data, but these ever-evolving renditions of malware and malicious ransomware Trojans can easily sidestep even the most advanced recovery techniques — and then become more advanced themselves.
Some practical methods for defending against ransomware include:
- Comprehensive disaster recovery planning
- Storage and backup solutions that can scale and are well-maintained
- Restricted user account permissions and segmented authorized network space
- Incident audits and full network packet capture
- Continuous, real-time monitoring and security assessment
The only way to truly defend against ransomware is to defund the criminal element behind it — and that starts with an effective, comprehensive incident response plan on the part of ransomware’s most lucrative target. Businesses of all sizes should develop and implement an advanced disaster response and recovery plan so they are never without options if a ransomware demand is placed upon their valuable business data.
If you feel your company may be underprepared to respond to a ransomware demand or any other cyberthreat, we can help. Aurora Technical Consulting is an industry leader in IT security and incident response strategy. Contact us at (208) 936-7616 or send us an email at email@example.com for more information.