Ransomware continues to rack up victims.
Early this month the City of Baltimore announced ransomware had seized a variety of city government computer systems. The attack took down voicemail, email, a parking fines database, and a system used to pay water bills, property taxes, and vehicle citations.
The story in Baltimore continues to unfold as I write, but city officials expect recovery to take months. The mayor’s office has so far not paid the $100,000 (13 bitcoin) ransom but is reportedly not opposed to paying it to keep city operations moving.
A Persistent Threat
Unfortunately, this particular type of malware shows no signs of going away.
According to the 2019 Verizon Data Breach Investigations Report, ransomware persisted as the second-most common type of malware reported, accounting for nearly 24% of incidents where malicious code was used. One of the most distressing facts about ransomware is that it can be deployed across numerous devices within an organization to maximize the impact. And, due to the nature of the “upfront payment” to release the locked-down systems, cybercriminals don’t need to rely as heavily on re-selling stolen data.
Last March, Atlanta was brought to its knees by a ransomware attack that lasted nearly two weeks. The pernicious SamSam ransomware strain forced the police department back to pen and paper, gridlocked the court system, and stopped online utility bill payments in their tracks. Reports indicate the city did not actually pay the $50,000 requested by the attackers, but taxpayers still footed a $2.6 million bill for recovery efforts.
Show Me the Money
As the name suggests, ransomware is all about the money. Hackers break in and rely on the malware to encrypt vital files or render machines useless. Only after a ransom ranging from a few hundred to tens of thousands of dollars is paid are the files released.
Well, sometimes. There’s a reason the FBI and tech experts of all kinds recommend against paying the ransom: it doesn’t always make it go away.
Here is a typical scenario:
- A company gets hit with ransomware.
- The ransomware spreads, infecting hundreds (or more) of systems.
- The affected organization is not able to recover backups.
- Critical data becomes inaccessible, causing major problems (loss of revenue, halted operations, you can really use your imagination).
- The decision is made to pay the ransom to recover the critical data, resulting in one of two common outcomes:
  - The organization pays using cryptocurrency (like bitcoin) that cannot be traced or reversed. The bad guys can’t unlock the data because they don’t have the key, or simply can’t be bothered to. The organization is not able to access the encrypted data.
  - The organization pays, and the bad guys then ask for more money. The organization can’t afford to pay more. The critical data stays locked up.
Here’s the rub: the more organizations pay, the more emboldened cybercriminals are likely to get. Paying the ransom means the strategy works, so the bad guy will just keep employing this tactic. Think of it in terms of training a dog. The more a behavior is reinforced (positively or negatively), the more the dog will do it.
Plus, industry data suggests that paying doesn’t work, anyway. A report from cybersecurity firm SentinelOne found that only 26% of U.S. companies that had their data locked up and paid to set it free actually got it unlocked. Additionally, organizations that did pay were targeted again 73% of the time. Why would an extortionist leave a goldmine that was paying off?
Another interesting stat from that report: 69% of respondents said the ransomware attacker gained access to their organization’s network through either email or social media network phishing. Long story short: Humans let the ransomware in two-thirds of the time.
To sum up:
- Ransomware is bad
- Paying the ransom is worse (for all of us)
So how do you break the vicious cycle? The best protections against ransomware and cyber extortion schemes are proactive rather than reactive:
Back Up Your Systems
Regularly backing up data is a universal best practice, for home users and multi-billion-dollar organizations alike. If you are hit, the best solution is to clean the impacted system and restore the data.
Consider Cybersecurity Insurance
The city of Baltimore didn’t have a cybersecurity insurance policy before the attack but is reportedly in the market for coverage. The governments of both Atlanta and Georgia had policies in place to help recover from their ransomware attacks last year. Policies and coverage can vary wildly depending on the provider, though, so make sure you do your homework.
Train Your People
The 69% stat from the SentinelOne report cited above may seem like cause for despair, but it’s really a clue to a larger solution to the ransomware issue. For our money, no amount of technical tools or ransomware guarantees can take the place of informed employees. It’s no wonder the FBI itself lists “Educating Your Personnel” as one of its top bits of advice for CISOs in the fight against ransomware. Be sure to train your employees to be aware of phishing and common tactics with a comprehensive security awareness initiative.
With these tactics in your arsenal, you’ll be able to keep your bitcoin wallets closed to cyber-extortionists.
Speak to one of our experts to learn how MediaPRO’s comprehensive approach to security awareness training can equip your employees to protect your organization against ransomware and more.