July 11, 2019 | Cyber Security, Industry Insights
Ransomware. To Pay Or Not To Pay? That Is The Question.
If you haven’t been the victim of a ransomware attack yet, you may be someday soon. According to research by the cybersecurity company, Malwarebytes, six of every ten malware infections during the first quarter of 2017 were attributed to ransomware.1 If and when it happens to you, you will have to decide whether to pay the ransom or not. Here are some things to consider that may help in coming to the right decision for you.
If You Decide To Pay
If you pay the ransom, you may get your data back and your operations can return to normal. You can reduce business interruption, although investigation and remediation of any damage to the system is still necessary.
If you pay the ransom, at least there’s a better chance of getting your data back. But there are a few things to consider. First off, bad guys aren’t known for keeping their word. In recent large-scale attacks, the emails associated with digital currency payments were disabled shortly after the attacks and there was no way for the attackers to track who paid ransom and who did not. In other attacks, hackers simply took the money and never provided the encryption keys. In still others, once a ransom was paid and the attackers provided the encryption key, they returned and attacked again.
Another thing to consider if you decide to pay the ransom is that you will likely need to purchase digital currency to do so. That is not the easiest thing to do when you’re under pressure and have never done it before. Bitcoin is usually the currency requested and can be purchased through an online exchange, but the transaction is not immediate. It can take anywhere from 24 hours to several days to set up an account and process a transaction. For that reason, if you determine that you’re inclined to pay ransom, you may want to purchase some Bitcoin or other digital currency to have on hand to facilitate the transaction. However, be mindful that you will need to have access to the funds should your system become encrypted, so you will want to set up your account and store your currency somewhere separate from the system you wish to protect.
Although the media have reported a few ransomware cases with demands that range from tens of thousands to millions of dollars, the average demand in 2016 was $679.2 If you plan to purchase digital currency to have on hand in case of a ransomware event, purchasing between $300 and $1,000 would meet the demands of most attackers.
If You Refuse To Pay
The Federal Bureau of Investigation strongly urges us not to pay ransom.3 Paying ransom fuels the ransomware business, providing incentive for the bad guys to keep on doing it.
The down side of refusing to pay is that you won’t be able to access your data, at least not right away. This is where it’s important to have a forensic investigation to determine what type of ransomware was deployed. If you know the type of malware, the chances of resolving the issue are much higher. In many cases, security companies publish free encryption keys that unlock particular ransomware.
Yet, if you are diligent about back ups—backing up to the cloud and to a removable device—you may be just fine. The most inconvenience and expense attached to the attack may be the time spent installing your backup.
An Ounce of Prevention Is Worth More Than Paying Up In Bitcoin
There are two simple things you can do now to reduce your chances of becoming a victim of a ransomware attack. First, make sure your data is backed up both to the cloud and to a removable device, like a flash drive or removable hard drive. Ensure the data are backed up and make sure that when the back up is done that the removable device is disconnected. More sophisticated ransomware attacks encrypt the computer, the network, cloud files and devices attached.
Second, install security updates to your operating system, software and devices. If you keep on getting messages flashing at you to “install updates,” do it. The most recent ransomware attacks that caused the most damage worldwide exploited the fact that companies and individuals did not take the time to install security updates even though they were free and available.
Contains copyright material with permission from The Hartford Steam Boiler Inspection and Insurance Company.
1 Malwarebytes, “Cybercrime Tactics and Techniques, Q1 2017.” (https://www.malwarebytes.com/pdf/labs/Cybercrime-Tactics-and-Techniques-Q1-2017.pdf)
2 Symantec, “An ISTR Special Report: Ransomware and Business 2016,” (https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransom ware_and_Businesses.pdf)
3 FBI Public Service Announcement, “Ransomware Victims Urged to Report Infections to Federal Law Enforcement,” September 15, 2016. (https://www.ic3.gov/media/2016/160915.aspx)