Business for Ransom: Anticipating and Recovering from an Attack

By Travelers
Last updated 20 August 2020

A number of reports have since identified malware from Russian cybercriminals known as Evil Corp. as the source of the attack – and claim that a ransom of US $10 million was demanded.

Ransomware attacks are becoming more sophisticated and difficult to predict for organisations of all sizes. According to a survey of 5,000 IT professionals from 26 countries that was commissioned by the security firm Sophos earlier this year, 51 percent of respondents’ organisations were attacked by ransomware in the last year. While that represents a slight decrease from those who reported attacks in a 2017 Sophos-commissioned survey (54 percent), the report indicated the decrease, “while welcome, is likely due to a change in tactics from the ransomware actors” and not because the problem is going away.

If a large multi-national business can be brought to a temporary standstill by a ransomware attack, where does this leave organisations with fewer resources? If a business is able to pay the ransom demanded by cybercriminals, will making the payment typically lead to the best outcome? Finally, when a ransomware attack poses not only security and financial threats but generates a ripple effect of negative publicity, how can an organisation recover?

“It really exposes organisations who don’t have any fallbacks or systems they could have switched over to,” Adam Kujawa, director of malware intelligence for the security firm Malwarebytes, told Wired. “And that can affect user confidence, customer confidence, investor confidence in how robust or built out your recovery plan is.”

Building a ransomware response strategy

While the outlook on ransomware can make it seem futile to try to prevent an attack, a number of the Sophos survey results identified action steps organisations can take to become more difficult targets, as well as key areas of vulnerability they can better protect.

For instance, criminals successfully encrypted the data in 73 percent of the attacks reported in the survey. However, 94 percent of organisations whose data was encrypted got it back – and more than twice as many of those respondents retrieved the data via backups as by paying the ransom (56 percent versus 26 percent).

Investing in backup protection can pay off for that reason: The survey found that paying the ransom doubles the cost of responding to a ransomware attack. The average cost to rectify the impacts of an attack – including downtime, people time, device cost, network cost, lost opportunity, and ransom paid – was US $732,000 for organisations that didn’t pay the ransom but nearly US $1.5 million for organisations that did pay.

Addressing gaps in cybersecurity protection can help too. One in five of the organisations surveyed have a major gap in their cybersecurity insurance. And having dedicated cyber insurance in place can help round out an organisation’s cyber resiliency. While 84 percent of respondents have cybersecurity insurance, only 64 percent have insurance that covers ransomware.

“Organisations can and should take proactive steps to protect their data through encryption, regular employee training and ongoing risk assessments to reduce their exposures,” said Davis Kessler, Head of Cyber at Travelers Europe. “This is especially important at a time when so many organisations have employees working in more casual settings at home. Part of this effort involves formulating a plan, through insurance and risk management solutions, that helps them respond decisively to an attack if it does occur and limit damage to their reputation.”
