Ransomware: To Pay or Not to Pay?

Ransomware dominates the headlines in IT security publications due to the continued success cybercriminals are enjoying with it. Ransomware is probably the bluntest sort of malicious software you, or your organization, are likely to experience.

How much Ransomware risk can you tolerate?

Ransomware is particularly intrusive and painful as it locks you out of your computer or denies access to your files, and then demands payment for you to regain access to your own data. Individuals as well as business end users are at risk.

Ransomware comes in several varieties. One category utilizes the “lockscreen” approach: After taking over your computing device and locking it down so that you cannot access any of your applications or data, the malware displays a popup window that accuses you of some sort of crime or other dastardly deed. The perpetrators offer you a get-out-of-jail card, but only if you pay a fine they impose on you.

Another category of Ransomware encrypts your files, rendering them inaccessible to you without the unlock key. Instructions are provided to recover your data via a popup window demanding money for the unlock (decryption) key.

When infected, you may have a chance to get around most lockscreen versions without paying the Ransomware executor, if you have access to good technical support that has experience with malicious software. No such workaround exists for the file encryption variety, however. When infected with file-encrypting Ransomware, you may be able to restore data files if you have a recent backup; otherwise you are stuck and forced to consider paying the unknown criminal for a copy of the decryption key.

The History of Ransomware

CryptoLocker was one of the initial examples of Ransomware to be identified, and it impacted thousands of victims as it spread across the Internet in late 2013. Once a user’s computing device was infected, the CryptoLocker software encrypted all data on the machine’s attached drives, including network shares across an entire network.

CryptoLocker has been followed by new ransomware versions that continue to be refined and deployed to target victims for ransom. These later-generation malware families have included Cryptowall, which was a successor to CryptoLocker; Onion, which utilizes the Tor anonymous network; and most recently TeslaCrypt, discovered in January 2015.

TeslaCrypt is an aggressive new version of Ransomware that targets Windows devices and expands on the tactics utilized by previous versions. In addition to locking the computer and encrypting the user’s files, this version seeks out and encrypts an even broader range of data files. Ransomware is also now targeting mobile devices, and in 2014 a version was identified that was targeting Android devices.

How susceptible are you and your business?

If you have one or more email accounts, then you will be targeted eventually, if you have not been already. Ransomware targets victims through email phishing campaigns, including malicious email links that deliver a payload when you least suspect it. Once you’ve downloaded the malware, your data is under their control!

If infected by Ransomware, should you pay?

That is a pretty straightforward, simplified review of the methodology of Ransomware. But for your business, understanding the technology behind the problem is only the beginning. The nontechnical question that you will likely be confronted with is, “Should you pay?”

The reality is, you probably have no idea who is extorting you, or even the country where they’re located. One factor in your decision whether to pay the ransom is a key question: If you do pay the attackers, will they unlock your data files?

The typical extortion price ranges from $300 to $600, but may be much higher. There is also the issue of how to pay the cybercriminal. Bitcoin has been the payment method of choice. (Bitcoin is an online, peer-to-peer system that functions without the support of any central banking institution. Recent reports question the viability of this payment network and loss of Bitcoin values.)

It is worth noting that most cybercriminals tend to honor Ransomware payments to protect the ongoing value of their criminal activity. There are certainly no assurances that you will recover your data, however, and most security experts and law enforcement advisors advise against paying and succumbing to such extortion.

Forced to assess the value of data files (financial records, intellectual property, client files) that are being held hostage, most businesses realize their options are limited. Paying off a ransom supports ongoing extortion by cybercriminals. Paying the price demanded may be preferable to data loss, however, if you don’t have any viable option to recover from the loss of your files.

What can you do to help protect against Ransomware?

Take precautions to help avoid being a victim of Ransomware. Here’s what I recommend to my clients:

  Establish explicit policies regarding the use of email.

  Employ good security software with regular updates. This includes Endpoint Security (AV/Malware), and Web content protection.

  Increase the frequency of your backup jobs based on the value of your data and potential lost work.

  As part of your efforts to proactively battle against email phishing attacks, consider scheduling email phishing assessments to test how susceptible you and your staff are to these threats.

I’d also advise reading an article I posted previously, Business CEOs Are Asking the Wrong Question About Cybersecurity Threats, to learn more about how Ransomware fits into the business security landscape.
