If 2017 was the year for ransomware globally, 2018 is the year that Canadian firms were forced to take notice. Recently, the Town of Wasaga Beach and the Town of Midland were both hit with ransomware which encrypted all their files, including backups. Both municipalities decided to negotiate and pay a ransom, rather than lose their data.
To pay or not to pay?
For Wasaga Beach, the issue came down to whether they could re-build their files from scratch or if they should just pay the ransom and hope they wouldn’t be cheated. According to Maclean’s, “they weighed the numbers: $500,000, at minimum, to rebuild everything from nothing, over dozens of months and hundreds of hours. They questioned whether replacing all of their files—like engineering and planning drawings—would even be possible.” Recently, it has been reported that the Town of Midland has also agreed to negotiate with the hackers. An update from the town read: “Under the guidance of cybersecurity experts, we have initiated the process to pay the ransom in exchange for the decryption keys, although it is not ideal, it is in our best interest to bring the system back online as quickly as possible.”
While it is not known yet how much Midland will have to spend to get their data back, for Wasaga Beach, the numbers are as follows: nearly $35,000 was spent on Bitcoin, $37,181 more went to IT and Security consultants. Other costs such as staff overtime and productivity losses were figured to be about $251,759 over seven weeks. While not ideal, it’s less than the $500,000 estimate to rebuild what they could from scratch.
While this might seem like it all worked out, most security professionals and law enforcement professionals advise against paying out the ransom. The RCMP, the OPP and the federal government’s Canadian Cyber Incident Response Centre (CCIRC) do not recommend that victims pay ransom. Just as you can’t trust that the criminal will return your data, you also can’t assume that the hacker will be able to decrypt it for you either.
Cyber Insurance: Does it Cover Paying Ransom?
A recent cybersecurity survey by research and consultancy firm Ovum, for the analytics firm FICO, has found that 40 per cent of Canadian firms surveyed have cybersecurity insurance that covers all likely risks – an increase of 22 per cent from 2017. "Canada's companies are well-aware of the threat of cyber-risk, and the uptake of comprehensive cybersecurity insurance is a testament to that," said Kevin Deveau, vice president and managing director, FICO Canada. "However, there is still a long way to go, with many companies still out there that either have inadequate cybersecurity insurance or none at all. Not only is it important to obtain cybersecurity insurance, but to also ensure it matches the risk profile of the organization."
Canadian firms seem to understand more than ever that cyber security is important to their business. Indeed, the Town of Midland purchased a Cyber Insurance policy just after the Wasaga Beach ransomware attack: “This (policy) has a number of benefits, it covers the ransomware and (ransom) and also puts you in touch with a lot of expertise to recover systems,” said Mayor Gord McKay. “In terms of immediate financial impact, it is minimal.”
How to avoid falling victim to ransomware?
Prevention really is the best medicine when it comes to protecting yourself from ransomware. Some tips to help avoid your data becoming hostage to this situation include:
- Invest in a trusted security solution and partner. Detection and removal of malware is essential not only to protect your business, but also to prevent these threats from spreading further. For organizations that need help, a Managed Security Services Provider can manage this process for you.
- Make regular backups of files. While backups in the cloud are good, physical backups stored outside your network are less likely to be reached. Automated online backups could be affected by cyberattacks; criminals have a stake in overwriting them or making them inaccessible. In addition, having backup media that are not rewritable or reusable can be beneficial. If you can’t change what’s written there, criminals can’t either. Check that your backup works correctly and that your media are still readable. Make sure backups are saved.
- Your organization should already have in place a process in case of a cyberattack. Remember that apart from the direct impact on your business, a security breach can affect your customers’ trust. Communication strategies should be included in your planning, in addition to other measures you should put in place following an attack. A service such as Uzado’s BRaaS (Breach Readiness as a Service) can help you prepare, plan and strategize for a potential cyber-attack. If you have followed point 2 above, you will at least have backups available to help restore your network and won’t have to pay a ransom.
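
The backup tip above says to check that your backup works and that the media are still readable. One way to run that check, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is written, then re-read the backup later and report files that are missing, unreadable, changed or unexpected. All function names, file names and sample contents here are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks; reading every byte also proves the media is still readable."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """At backup time, record a SHA-256 per file keyed by relative path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest):
    """Re-read a backup copy and compare it with the manifest taken when it was written."""
    root = Path(root)
    report = {"ok": [], "missing": [], "unreadable": [], "changed": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
            continue
        try:
            actual = sha256_file(target)
        except OSError:
            report["unreadable"].append(rel)
            continue
        report["ok" if actual == expected else "changed"].append(rel)
    # Files the manifest never listed, such as a dropped note or a renamed copy.
    listed = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(listed - set(manifest))
    return report

def demo():
    """Constructed sample: after the manifest is taken, one file is altered, one removed, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        bak = Path(tmp)
        (bak / "plan.dwg").write_bytes(b"drawing")
        (bak / "tax.csv").write_bytes(b"roll")
        manifest = build_manifest(bak)
        (bak / "plan.dwg").write_bytes(b"\x00scrambled")
        (bak / "tax.csv").unlink()
        (bak / "new_note.txt").write_text("constructed")
        return verify_backup(bak, manifest)
```

Keep the manifest somewhere the backup job cannot overwrite, so that a changed backup cannot bring a matching manifest with it.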