Ransomware’s Dilemma: Pay It or Not?

By Bill Minahan   |   November 26, 2018

Ransomware is one of the most frightening scourges to hit the Internet.  Ransomware is a form of malware (malicious code) that encrypts a person’s files and demands a ransom payment to decrypt them.  If the money isn’t paid, the encryption keys are destroyed, and the data is lost forever.

Ransomware began to emerge in 2009, and it has been rapidly on the rise.  Recently, it was ranked as the number one threat involving mobile malware.  According to one estimate, “at least $5 million is extorted from ransomware victims each year.”

Ransomware became a household name in 2013, when CryptoLocker infected about 500,000 victims in just 6 months.

CryptoLocker was eventually defeated.  But new variants of ransomware started popping up more frequently.

Ransomware pays off quite well to the cyber criminals.  According to an estimate by Symantec, ransomware extorts at least $5 million each year.

One form of ransomware was even based on a software-as-a-service model, where users could download ransomware, customize it, then dispatch it to victims.  The service took a 10% commission on the ransom.

In another recent instance, a version of ransomware known as Power Worm was badly coded and failed to create a valid decryption key.  The files would thus remain encrypted, and nothing could be done to decrypt them.

To Pay Or Not to Pay?

Ransomware forces victims to make a Hobson’s choice: Should they pay the ransom?  Or not?

The advice out there on this issue is conflicting.  Some say that the ransom should never be paid.  According to Kevin Haley on Symantec’s blog: “The scammers will sell you the key, but ‘hurry!’  If you don’t pay $500 before the countdown timer expires you’ll pay double. The reality is that, no matter how many times, or how much you pay them, it’s unlikely you’ll ever get that key.  Once they have your money, they couldn’t care less about giving you your files back.”

And in one case involving an email service provider in Switzerland, criminals demanded a ransom in exchange for stopping DDoS attacks, but the criminals kept on attacking after the ransom was paid.

Others say that the ransom is worth paying because it is often not a high amount and is cheaper than losing the data. In one instance, a Sheriff’s Department’s network was infected with ransomware and the Department paid the $500 ransom because the data involved key evidence in cases.  Some argue that the criminals have incentives to restore the files because if they didn’t, people wouldn’t pay the ransoms, and the criminals are after the money.  Indeed, one FBI agent reportedly said that in some cases, people should just pay the ransom.

Prevention Is the Best Medicine

The best medicine against a ransomware attack is prevention.  Back up data frequently.  Keep anti-virus software up-to-date.  But at an organization, all it takes is for one employee to fall for a phishing scheme, and . . . BAM! . . . ransomware hits.  Humans are the greatest vulnerability, and the best defense is training.

There is a silver lining in all this.  More than many types of security risks, ransomware really brings home to employees the dangers out there.  For many employees, malware might seem like a rather abstract risk that doesn’t concern them too much.  But because ransomware has extensively targeted regular individuals and because it operates with such dramatic effect, ransomware is a great subject for training.  A key to getting employees to pay attention and follow advice is to show how it might affect them in their personal lives.  Threats need to be made visceral and scary.  And ransomware is one of those kinds of threats.  In the long run, it might raise great awareness about data security concerns and motivate people to be more careful.

How To Defend Against New Malware Strains?

There are a few ways we recommend you battle this threat:

  • Traditional antivirus is basically dead. We recommend next-gen endpoint security that provides time period visibility and protection for your endpoints.
  • Use tools that integrate with security information and event management (SIEM) software to streamline responses to potential incidents.
  • Inspect what you expect. Periodically have experts examine your systems to ensure compliance standards are being met.

Don’t do it alone.
Let aNetworks’ Cyber Security experts become an extension of your team.

aNetworks offers a free assessment to evaluate your organization’s current security strengths and weaknesses. It takes 15 minutes. With the assessment, we provide you with a detailed report so you can ensure your systems are secure.