The Risks Involved in Paying After Ransomware Attacks

Image by Pete Linforth from Pixabay

Ransomware attacks do not necessarily end with the payment. Despite the huge sum of money involved, there are potential risks attached to the attacks. A session at Gartner’s Security & Risk Management Summit revealed that the average cost of a ransomware payment in Q1 2020 was $178,254.

While the amount is on the high side, you should know that the downtime cost due to any attack was not taken into consideration. Depending on the size of your business, and especially if it’s a midsize company, there is a chance that you will not get all of your encrypted data back even after you have paid the ransom, the session went on to divulge.

Paul Furtado, a senior director and analyst of MSE security at Gartner, was reported to have observed that “What we see is that about 4% of the data is non-recoverable.” What this boils down to is that you have lost both ways. 

You have paid the ransom demanded but your data has been compromised and tampered with. It dawns on you that the guys you are dealing with don’t have an iota of good intention for you and your business. 

Another thing you should expect once your data is targeted by ransomware is that the attackers will proceed to encrypt it. This will be the case whether your data is at rest or in transit. You will only discover that your data has been corrupted when you try to decrypt it.

According to Gartner, a midsize enterprise (MSE) is a company with between 100 and 1,000 employees, and with revenues between $50 million and $1 billion. If your company falls within this range, the general expectation is that you will be operating on an IT budget of less than $20 million, and possibly with 10 to 50 people in your IT department.

You may or may not have a dedicated cybersecurity leader, which is the common case with more than 50% of MSEs. With all of this going for or against you, depending on how you see the situation, the question right now is: how do you respond to a ransomware attack?

Just as you are a unique individual, so also is your brand unique in every sense of the word. As an individual, your mindset does a lot in overcoming ugly situations; that singular uniqueness is what determines how you attend to a ransomware attack.

How quickly you believe you can recover, your ability to do so, and, to a very large extent, the impact the attack will have on your brand are things you need to consider. They will inform your decision on whether to pay to get the decryption key or whether it’s worthwhile for you to try a recovery measure from backups and other tools you may have in place.

The advice from the law enforcement agencies is that you don’t pay, and if you have to pay, it should be the last recourse. While this advice sounds pragmatic, you need to consider your resources and customers. 

However, remember that the average cost of a ransomware payment in Q1 2020 was $178,254.

You should also focus on the following: 

  • The downtime costs arising from the ransomware attack can be as much as five to 10 times the actual ransom amount. 
  • That $178,254 amount is a gigantic leap from a $5,593 average payment in Q3 2018. 
  • The ransomware threat level increased by 148% in March over the previous month — this shows that the guys are in for a thriving business.

Are you undergoing a ransomware attack loop?  Have they been able to inject the malicious code into your systems without you knowing?

If that is the case, you have been backing up the malware for weeks or even months without realizing it. When they detonate it, and you attempt to restore your backup thinking you are safe, what you will discover is that your efforts are futile.

Your backups have been encrypted or even deleted. In the interim, they may also have been infected by the malware, and the ransom demand will start all over again.

Some other things you must take into consideration are primary ransomware payloads, which embody spear phishing, remote desktop connection compromise, and malware wrappers, as well as deployment timelines. According to a report by US cyber-security firm FireEye, 76% of all ransomware infections in the enterprise sector occur outside working hours.

While 49% take place during nighttime over the weekdays, 27% take place over the weekend. You should also endeavor to find out how much data is sold for, and more.

Furtado, at the session, gave the following takeaways as ways for midsize enterprises to protect themselves from the ransomware threat:

  • Conduct better awareness training: You can effect this by offering smaller sessions over time, instead of having a single one-hour session that employees can only attend once every 12 months.
  • Ensure that email spam filters implement URL protection: Your organization’s spam filters should also use email/attachment sandboxing, endpoint protection that implements non-signature technologies, and better web filtering (including enabling gateway antivirus, blocking risky file extensions, using HTTPS filtering, and blocking unnecessary ports).
  • Close open doors: Block unnecessary ports on endpoints, for example.
  • Adhere to the “3-2-1” rule for backups: Ensure you keep three copies of your data on two different media types, with one being offsite.
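
An added example (not from the original article or the Gartner session): an audit of a backup inventory against the 3-2-1 rule above, extended with a retention check for the situation described earlier, where malware has been sitting in backups for weeks or months. The inventory, the `Copy` fields and the 60-day dwell window are constructed assumptions, and the production copy is counted as one of the three.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Copy:
    dataset: str
    media: str                  # "disk", "tape", ...
    offsite: bool
    oldest_restore_point: date  # oldest version this copy can restore

# Constructed sample inventory; the production copy counts as one of the three.
TODAY = date(2020, 7, 1)
INVENTORY = [
    Copy("finance-db", "disk", False, date(2020, 7, 1)),   # production
    Copy("finance-db", "disk", False, date(2020, 6, 10)),  # local backup server
    Copy("finance-db", "tape", True, date(2020, 3, 1)),    # vaulted tape
    Copy("file-share", "disk", False, date(2020, 7, 1)),   # production
    Copy("file-share", "disk", True, date(2020, 6, 20)),   # replicated disk
]

def audit_321(copies, today, dwell_days=60):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    groups = {}
    for c in copies:
        groups.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(groups.items()):
        findings = []
        if len(group) < 3:
            findings.append(f"only {len(group)} copies, need 3")
        if len({c.media for c in group}) < 2:
            findings.append("single media type, need 2")
        if not any(c.offsite for c in group):
            findings.append("no offsite copy")
        # Assumed dwell window: if every restore point is newer than this,
        # all of them may already contain the dormant malware.
        oldest = min(c.oldest_restore_point for c in group)
        if (today - oldest).days < dwell_days:
            findings.append(f"no restore point older than {dwell_days} days")
        report[name] = findings
    return report

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY, TODAY).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

A dataset can satisfy the copy, media and offsite counts and still fail the retention check, which is the case where every available restore point may already carry the malware.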

About John Ejiofor

John Ejiofor is a curious life-researcher, whose quest to finding answers to life's pertinent questions has led to founding Nature Torch. This blog aims to debate and explore many questions about our earth -- including those a lot of people are uncomfortable with asking. He has been published on some of the internet's most respected websites, which you can find online.