Why Won’t Ransomware Stop? Hint: Because You Keep Paying

Ransomware is one of the biggest challenges facing businesses today. In case you haven’t heard, ransomware is an attack where cyber criminals break into your network and encrypt all the data so it becomes unusable. The cyber criminals are banking on the fact that you will be so desperate to get access to that data back that you will pay them for the decryption key.

And it works! The reason ransomware has grown so much over the last few years is that the quickest way to restore the network is to pay the criminals to get the data back. An article in The Conversation claims that “cyber-insurance firms recommend their clients simply pay off the criminal gangs that extort them.” When the cyber criminals actually hand over the keys, companies can, in many cases, continue going about their business without publicly disclosing that they were ever breached.

The drawback of paying the ransom is that you can never be sure you will be given a working decryption key. There is also the possibility that you will be hit with the same ransomware again, as Uzado wrote about earlier this month. In that particular instance, the company paid for a decryption key but never investigated how it was infected, and the cyber criminal struck again. There is no incentive to stop sending you ransomware if you keep on paying.

Another issue with paying the ransom is that you are funding a criminal organization. Some of these cyber crime gangs use the funds for research and development to improve their ransomware tools. In some cases, paying the cyber criminals can get you in trouble with the US Justice Department. In the last 4 years, the US Justice Department has imposed sanctions against Russia, Iran and North Korea to prevent businesses, such as banks, from supporting their activities. You can read the department’s 5-page advisory on how facilitating ransomware payments can put you in legal trouble.

So, what is the solution? Sanctions against paying the ransom have not been enough to prevent ransomware payments. While a recent article in ZDNet suggests that the percentage of organizations making ransomware payments has gone down, the figure is still around 60%. That’s not a bad return on investment for the cyber criminals. Law enforcement is doing what it can, and a few high-profile arrests have been made recently, but it can’t seem to catch the criminals quickly enough.

To help you avoid having to make ransomware payments, do the following:

  1. Patch security vulnerabilities regularly.
  2. Use multifactor authentication wherever possible.
  3. Make cyber awareness training part of your regular employee training.
  4. Maintain regular offline and offsite backups so you can always restore your network.

Remember, if you do get targeted with ransomware, make sure you bring in cyber security experts to investigate before attempting to restore from backups, and contact local law enforcement.