Could you say no to ransomware?

MJ Shoer

Ransomware attacks are on the rise and significantly so. It seems like every day there are reports of new companies and governments being hit by ransomware. If you were hit by ransomware, would you be able to say no to the attackers and not pay the ransom or would you give in to their demands?

This is a complicated question and one that is coming up around the world and especially here in the United States.

In case you are not familiar with ransomware, it is a particular type of cybersecurity attack that can have devastating results. Simply put, a ransomware attack typically begins when a targeted user clicks a link or attachment in an email they have received. This email is typically a sophisticated social engineering attack in which the attacker has monitored the user's email traffic patterns and crafted an email purposefully designed to trick them into clicking what they believe to be a safe link or attachment from someone they know and trust.

Once activated, the malicious code within this link or attachment downloads a piece of software that then scans all the locations connected to the infected computer. This malicious payload then encrypts all of the data, rendering it inaccessible to anyone who tries to open a file. Once this happens, users on the infected computer network are presented with a pop-up notice informing them that their data has been encrypted and that unless they pay a ransom, they will never be able to access their data again. Thus, ransomware.

The hackers are holding your own data hostage by making it inaccessible right where it has presumably safely resided for years. Often, the ransom amounts grow over time, so if you take too long to consider whether or not to pay the ransom, you may see the amount increase substantially.

The amount of ransom the hackers request varies, but the hackers show all indications of becoming far more educated about their targets and much less random. In the past, random organizations would get infected and ransom demands would range in the hundreds to sometimes thousands of dollars. As these attacks have become more sophisticated and targeted, the ransom demands have grown into the hundreds of thousands of dollars. It is not uncommon to hear infected organizations have paid ransoms in the tens and hundreds of thousands of dollars because this was their only option to retrieve their data. Over the past few weeks, some IT organizations that provide outsourced services to companies have been hit and have had to pay significant ransoms to regain control of their system.

Municipalities seem to be particularly targeted. The city of Portsmouth was hit a little over a year ago and remediation costs were said to be more than $100,000. This particular event was supposedly not a ransomware event, but carried a high cost nonetheless. In the case of ransomware attacks, major municipalities like Atlanta, Baltimore and several smaller cities in Florida have been hit and, lacking effective and secure backup and redundancy, have had no choice but to pay the high ransom demands.

In part as a result of this trend, this past week the U.S. Conference of Mayors adopted a resolution representing every city with more than 30,000 residents committing to not pay ransom should they be infected with ransomware. The resolution recognizes that more than 170 state and local government entities have been hit by ransomware and more than 20 of those attacks have occurred in 2019. As any law enforcement agency will tell you, the concern with paying the ransom is that it encourages the further spread of the threat. It’s a lucrative form of extortion.

The resolution is all well and good, but at the end of the day, if you don’t have the proper controls, education and data protection in place, you could easily find yourself in the position of having to choose between recreating your business's electronic assets from scratch or paying a ransom to recover your data. Would you be able to say no to a ransomware demand?

MJ Shoer is an IT consultant based in Portsmouth. He provides coaching and content development, partner program and technology stack management, Office 365 optimization, realistic cybersecurity and virtual CTO services to his clients. He maintains a blog about IT at www.mjshoer.com/blog and may be reached at mj@mjshoer.com.