As I wrote yesterday, things with Ukraine are starting to heat up. And with this comes an even greater chance of far nastier Ransomware attacks than we have ever seen before. I have written about this topic, and even talked about it with podcast guests, around the one fundamental question: should you pay the Cyberattacking group or not?

Overall, people seem to agree with me that no, you should not pay up. But, quite surprisingly, a recent market survey conducted by ThycoticCentrify found the following:
* 83% of the respondents claimed that they had no choice but to pay the actual ransom;
* 90% of them have even allocated a special budget to pay the ransom in case they were hit;
* 66% of the respondents say that they would much rather pay the ransom so they can move on and minimize any further losses.

This study can be found at this link:
https://thycotic.com/resources/ransomware-survey-and-report-2021/
But, even despite this, there are still compelling reasons why you should not pay a ransom to the Cyberattacker. Here are some of them:

1) There is no guarantee:
The rationale is that if you do make a payment, then the Cyberattacker will send you the decryption keys so that you can unlock your computer and retrieve your files. But don’t count on this ever happening, if you take into account these stats:
* Only 51% of victims were able to successfully retrieve their data;
* 46% were able to access their data, but much of it was altered or corrupted;
* Another study found that only 8% of victims got their data back in its whole;
* 50% of the respondents could only gain access to just 65% of their data.
SOURCES:
https://www.cybereason.com/press/new-cybereason-ransomware-study-reveals-true-cost-to-business
https://news.sophos.com/en-us/2021/04/27/the-state-of-ransomware-2021/
2) You could be hit again:
If you have been hit and you pay up, the chances are even greater that you will be hit again at some other point down the road. Look at this:
* 80% of those companies polled in another survey said that they were hit again after paying the ransom.
SOURCE:
https://www.cybereason.com/press/new-cybereason-ransomware-study-reveals-true-cost-to-business
The reason for this is simple: the Cyberattacker now knows where your weak spots are (even after you have totally remediated them), and they know you will pay up an even higher amount the second time around.
3) It will lead to greater levels of sophistication:
At the present time, it appears that the Cyberattacker still uses basic methodologies to craft new Ransomware variants. In other words, they are simply building a better mousetrap. But with more money coming in from ransom payments, they now have more $$$ to actually conduct research and development in order to create much more sophisticated variants, right from scratch. One example of this is known as “BlackCat”, and more information about it can be seen at this link:
https://unit42.paloaltonetworks.com/blackcat-ransomware/#Technical-Details
4) The “Doxing” effect:
This is when a Cyberattacker throws a double whammy at you: not only do you lose your files and devices, but they also threaten you with exposing those PII datasets to the outside world, and even selling them on the Dark Web. This is also technically known as a “Double Extortion” attack, and in fact, in just the last two years since 2019, there has been a 935% increase in this kind of attack.
SOURCE:
https://blog.group-ib.com/hive
But, once again, don’t count on the Cyberattacker to keep their promise. For instance, even if you do pay up, there is still a strong likelihood that they will still sell the PII datasets on the Dark Web, or expose them to the public.
5) You could be held for treason:
Just recently, the United States Federal Government has enacted a series of laws which would make it actually illegal for you to even make a ransom payment. This was brought on by the Office of Foreign Assets Control, also known as “OFAC”. In numerous bulletins they have sent out over the course of last year, they have made it clearly known that both individuals and businesses have been sanctioned and fined. They have also recently cited what is known as the Trading with the Enemy Act, also known as the “TWEA”. This law essentially prohibits US citizens from making ransom payments to known Cyberattacker groups that can be found on the so-called Specially Designated Nationals and Blocked Persons List, also known as the “SDN”. Also, any future ransom payments will be scrutinized heavily by the Financial Crimes Enforcement Network, also known as “FinCEN”. This is a branch of the US Department of the Treasury.
More information about this can be seen at the following link:
https://home.treasury.gov/system/files/126/ofac_ransomware_advisory.pdf
My Thoughts On This:
Well, there you have it, five key reasons why you should not pay the Cyberattacker, backed up with some hard-core statistics. I still hold to my position that one should never pay up. Companies are now using the logic that it is far less expensive to pay the Cyberattacker than to deal with the long-term financial impacts. However, this is short-sighted thinking. The bottom line is that one has to think for the long term as well, and that indicates one should never pay up at all.