Ransomware and Ransomware as a Service
What would you do if cyber criminals kidnapped your business systems, even your backup systems, with your company data and the personal details of your customers and employees held hostage?
Would you pay whatever the thieves demanded to obtain the decryption code and protect your data?
We like to get involved in this type of thorny debate so we decided to look at some of the issues.
Ransomware: The Background
Attackers use malicious software (or malware) to cripple your business systems, steal or encrypt your data, and bring everything to a standstill.
You cannot afford to be out of action and the reputational impact of exposing your business and operational data to criminals is painful to think about. However, if you pay the ransom, are you not simply encouraging the criminals to carry out more attacks?
The Colonial Pipeline ransom attack in May 2021 forced the top US fuel pipeline operator to shut down its network, affecting half of the East Coast fuel supply.
It had the potential to increase fuel prices and have an impact on the country’s economy. Colonial and the US government are investigating and, to date, US$2.3million of the reported US$4.4million ransom paid in cryptocurrency has been recovered.
While this is one of the most disruptive attacks so far, they aren’t limited to large organisations.
Thousands of small businesses are also experiencing attacks which are expected to cost US$20billion around the world in 2021.
Ransom demands are increasing all the time, and the overall cost has at least doubled to be up to 10 times the ransom paid, when you include downtime, lost orders, and operational losses.
Ransom demands are increasing all the time, and the overall cost has at least doubled to be up to 10 times the ransom paid, when you include downtime, lost orders, and operational losses.
In many cases, even when the ransom is paid, not all stolen data is returned.
Scarily, the malware creators now offer their product (encryption tools, communications, and ransom collection) on a ransomware-as-a-service (RaaS) basis.
Why is Ransomware so Widespread?
The widespread availability of the cloud-based IT infrastructure is good for your business, but it also gives international criminals a secure and scalable environment for malware that can be accessed from anywhere.Scarily, the malware creators now offer their product (encryption tools, communications, and ransom collection) on a ransomware-as-a-service (RaaS) basis.
Their ‘customers’ are the attackers who could be subscribers, affiliates, licence-holders or partners. They might target specific vulnerabilities in technology or market sectors.
It really is Big Business.
Recognising Your Exposure
Critical infrastructure and supply chain organisations are popular targets including energy, food, transport, and public services. Because high availability underpins their services, they are more likely to pay a ransom.Changes in working patterns during the pandemic have also exposed new vulnerabilities for many organisations.
Working from home, supply chain changes, digital transformation, and staff shortages have all created an environment where mistakes can be innocently made, routine security maintenance can be delayed, and best practices diluted.
Many of the recent attacks have been based on critical vulnerabilities that have been known for 90 or more days.
However, the weakest link is employee behaviour, so everyone needs to know about the risks and understand the practices and routines they must follow.
Creating a security culture for your organisation does not need to involve weeks or months of training about cybercrime and cyber security with the Firebrand immersive accelerated training experience.
Take Action
The most effective and practical response is to carry out a risk assessment to understand your weaknesses, and to work with security experts to identify solutions such as artificial intelligence and automation to reduce your exposure.However, the weakest link is employee behaviour, so everyone needs to know about the risks and understand the practices and routines they must follow.
Creating a security culture for your organisation does not need to involve weeks or months of training about cybercrime and cyber security with the Firebrand immersive accelerated training experience.