As we have been hearing in the news headlines, Ransomware is the most prevalent threat vector that we have today. Not only has it gotten worse, but it is expected to continue further down this path well into next year.
Many Cyber experts now fear a possible Ransomware attack upon our Critical Infrastructure, in which a Cyberattacker literally holds a major part of the US hostage for days on end, with no water, electricity, or oil/gas, thus starving people to death.
Now the question comes down to whether the actual Ransom should be paid. This is a topic that I have addressed before, and I still stand firm on what I believe in. I will reveal that at the end of this blog. Given just how fierce it has become, many victims now feel compelled to pay up in order to get their normal business operations up and running again.
According to a recent research project conducted by Veritas, 66% of businesses claimed that it would take at least five business days or more to restore operations back to some normalcy. Obviously, this is time that no business can afford to lose, so the next best option is to merely pay off the Ransom. More information about this can be seen at the following source:
But this only fuels the cycle for this madness to continue:
*The Cyberattacker deploys the Malware to essentially lock up the files and the devices of the victim;
*The victim is totally paralyzed by this, and decides to make payment via a Virtual Currency, such as Bitcoin. This is done so that the Cyberattacker cannot be tracked down;
*This payment is then used to fuel the fire for other attacks like this to happen.
But in some cases, the attack could be so devastating that the victim really feels that they have no choice but to pay up. This is best exemplified when the Cyberattacker threatens to make the PII datasets of the company available to the public, or even sell them on the Dark Web for a rather nice sum of money. These extremes of extortion have gone even deeper than this.
In an effort to help stop this vicious cycle from happening all of the time, the Department of Treasury back in September announced a new set of rules that would require public reporting in case a victim did pay the Ransom. In fact, they had even taken steps to make paying up the Cyberattacker a crime, or even a felony of treason. But as far as I know, not much of that has actually become law yet.
In fact, the City of Baltimore made news when it was hit by a rather massive Ransomware attack. Rather than merely coughing up the $76,000 that was demanded of them, the City refused to pay up. Because of this, more than $18.2 billion was spent in trying to rebuild what was taken over by the malicious payload.
More information about this nefarious attack can be seen at the link below:
https://www.darkreading.com/endpoint/baltimore-city-network-struck-with-ransomware-attack
Before trying to make paying off Ransomware attacks illegal, or even punishable by law, we first need to take a closer look at what is causing these attacks to take place to begin with.
Apart from the financial gain, many Cyberattackers target their victims because they know they are weak, primarily because they don't have all of the required security tools or technologies in place. But remember, it takes more than technology to have a great line of defense.
It also takes every employee in the business to have a proactive mindset. This means that if you see something suspicious, report it immediately. Don't take any action whatsoever; leave that up to the pros on the IT Security team. This also means having a 24-hour hotline through which abnormal behavior can be reported anonymously on a 24x7x365 basis.
Being proactive means training your employees on what Ransomware is, and the signs to look out for in case they see any red flags popping up. This definition also extends to the IT Security team: give them the tools that they need in order to react in a timely manner to any sort of Ransomware threat that may be looming on the horizon.
This also means that the C-Suite needs to give the CISO the money that they need in order to accomplish this task.
To put it bluntly, all of this will ultimately impact the Earnings Per Share (EPS), which no CEO wants to see happen to the company that they are at the helm of. Being proactive also means that your business has the proper Incident Response/Disaster Recovery/Business Continuity Plans in place and is ready to activate them when and as needed. In fact, this was one of the key lessons learned from the COVID-19 pandemic.
My Thoughts On This
So at the beginning of this blog, I mentioned that I would reveal where I stand on all of this. My answer is, and always will be, to never make payment of any kind whatsoever. Why do I say this? It all comes down to putting the brakes on this madness somewhere, somehow.
By not paying the Cyberattacker, they will simply lose motivation in launching similar kinds of threat variants. But by paying them, we are only fueling the fire for more innocent victims to be affected.
Although people might disagree with me, one of the best lines of defense is to make backups of all of your mission critical information and data. That way, if you are hit, you can come back to some reasonable level of operations, hopefully in a quick manner.
Also, consider migrating your On Premises Infrastructure to the Cloud, such as AWS or Microsoft Azure. That way, even if you are hit at this level, you can create new database servers and Virtual Machines (VMs) in a matter of five minutes or less. Think about all of the time, expense, and effort it would take to restore your servers if you have an On Prem Infrastructure.
Believe it or not, there have even been documented instances in which, after the ransom payment was made, the Cyberattacker actually complied with their end of the deal and released the decryption keys so that the victim could get access back to their files and devices. But don't count on this happening all the time.
Also, newer ways of tracking the Virtual Payments after they have been made would help quite a bit in the attribution process of finding the perpetrators.
Just think about all of this in the following context: back in the Reagan Administration, and even up to now, the mantra has always been never to negotiate with terrorists. So why can't we do the same thing with the Cyberattacker?