Why paying the ransom is not the solution for ransomware victims

The increased reliance on multiple cloud environments over the past two years and the growing number of employees opting for a hybrid work standard have created plenty of opportunities for ransomware gangs to target organizations. In response to the growing impact of ransomware attacks, businesses of all sizes are investing in a zero-trust security approach where digital identities and multi-factor authentication (MFA) play a key role.

Ransomware threat status

Ransomware attacks have become more advanced and complex in recent years, evolving from simple malware deployment and extortion to a tiered Ransomware-as-a-Service (RaaS) business model in which “services” like Initial Access Brokers grow and then sell or hire out their services. So-called “double extortion” attacks, where cybercriminals exfiltrate data before encrypting it and demanding a ransom, also increase the risk. All of these developments contribute to a greater threat to organizations.

Research from CyberRisk Alliance indicates that 43% of companies surveyed experienced at least one ransomware attack in the past two years (2020 – 2021). 32% think they can’t prevent ransomware attacks because the threat actors are too well funded and sophisticated.

According to the Thales Data Threat Report 2022, attacks had a significant impact on 43% of ransomware victims. The impact ranges from core costs, such as financial loss due to penalties, fines and legal fees, to more indirect costs including lost productivity, recovery costs and brand reputation.

To pay or not to pay? This is the question

Ransomware attacks are sometimes even worse than an organization’s planned worst-case scenario. Data stolen by the ransomware group may be so sensitive or damaging that releasing it would destroy the organization. After all other options have been exhausted, an organization realizes that they may have to pay the ransomware group.

In fact, the percentage of ransomware victims who choose to pay the ransom is higher than you might think. The findings of the CyberRisk Alliance report indicate that 58% of victims paid a ransom, while 29% found their data stolen on the dark web.

However, paying the ransom might not be the solution to your nightmare. Even if a company pays, there is no guarantee that the attackers will return the data or that the decryption key will recover the data to where it was before the attack. According to a 2021 Sophos report, 92% of these organizations do not recover all of their data, and 29% of them do not recover even half of the encrypted data.

Inconsistent data return isn’t the only reason companies should avoid paying the ransom. Federal agencies like CISA and other security professionals point out that paying the ransom does more harm than good. While paying might seem like a viable option and a quick fix to your problem, there are plenty of reasons why you shouldn’t:

  • Ransomware gangs are encouraged, because the ransom funds them
  • Double extortion tactics only increase the ransom demand
  • Companies that pay the ransom could face future legal issues for funding terrorism

Prevention is better than reaction

Before even discussing the possibility of paying the ransom, companies should start planning how to reduce the likelihood of being the next victim of a ransomware attack.

Ransomware business model

The first step is to understand how ransomware gangs work. These criminals often engage in big game hunting. The higher the expectations for service reliability, quality and trust, the more likely the company is to be targeted. For these companies, the impact of the disruption on business operations is far greater than the payment. When an electrical or utility network is compromised, it can lead to outages and traffic jams, and when safety mechanisms are breached, it can lead to the release of toxic chemicals, oil spills, fires or explosions.

The problem is exacerbated by the fact that the skills required to execute a ransomware attack have been significantly reduced. Ransomware-as-a-service models offer a complete package to potential attackers. Ransomware packages are available on the dark web alongside millions of stolen access credentials, allowing people with relatively little technical knowledge to execute ransomware attacks effectively.

Build your defenses – a zero trust approach

Identity-based access and multi-factor authentication can help reduce the incidence of such attacks. Organizations need to be proactive and develop capabilities to identify the source of repeated and excessive login attempts and block those attempts. This capability is crucial for detecting and reducing the impact of ransomware attacks.
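
A minimal sketch of the login-attempt check described above, added here as an example and not taken from the original article or any vendor product. The log line format, the thresholds and the function name sources_to_block are assumptions; it flags a source that fails repeatedly against one account as well as a source that tries many accounts, as happens when stolen credentials are replayed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, source IP, account, outcome.
# The line format and the documentation-range IPs are assumptions for this example.
SAMPLE_LOG = """\
2022-05-01T09:00:00 198.51.100.20 alice FAIL
2022-05-01T09:00:05 203.0.113.7 admin FAIL
2022-05-01T09:00:09 203.0.113.7 admin FAIL
2022-05-01T09:00:14 203.0.113.7 admin FAIL
2022-05-01T09:00:20 203.0.113.7 admin FAIL
2022-05-01T09:00:26 203.0.113.7 admin FAIL
2022-05-01T09:00:40 198.51.100.20 alice OK
2022-05-01T09:01:00 192.0.2.44 bob FAIL
2022-05-01T09:01:30 192.0.2.44 carol FAIL
2022-05-01T09:02:00 192.0.2.44 dave FAIL
2022-05-01T09:30:00 198.51.100.20 alice FAIL
"""


def sources_to_block(log_text, max_failures=5, max_accounts=3,
                     window=timedelta(minutes=5)):
    """Return {source_ip: reason} for sources with excessive failed logins."""
    recent = defaultdict(deque)   # source -> (time, account) failures in window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines rather than crash
        stamp, source, account, outcome = parts
        if outcome != "FAIL" or source in flagged:
            continue
        when = datetime.fromisoformat(stamp)
        failures = recent[source]
        failures.append((when, account))
        # Slide the window: forget failures older than `window`.
        while when - failures[0][0] > window:
            failures.popleft()
        accounts = {acct for _, acct in failures}
        if len(failures) >= max_failures:
            flagged[source] = "repeated failures"
        elif len(accounts) >= max_accounts:
            flagged[source] = "many accounts tried"
    return flagged


if __name__ == "__main__":
    for source, reason in sources_to_block(SAMPLE_LOG).items():
        print(f"block {source}: {reason}")
```

The occasional mistyped password from 198.51.100.20 stays below both thresholds, so a legitimate user is not blocked; the returned sources would be fed to whatever enforcement point sits in front of the login service.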

In line with the recent executive order, an owner of the Americas Marketplace for IAM said, “Adding Identity Verification Gates (#MFA) in front of every application can not only reduce the risk of being hit by #ransomware, but also limit the damage caused”.

Adopting a Zero Trust architecture is one of the most effective ways to prevent ransomware attacks. Built on the “never trust, always verify” principle, a Zero Trust security strategy would have prevented ransomware attacks like those on Colonial Pipeline and JBS, stopping the ransomware from spreading through operations while keeping the operation running.

Zero trust is also not a magic bullet for ransomware, but it can help create a much more robust security defense against ransomware attacks if implemented well. One of the main pillars of zero trust focuses on user identity and access management. Others include threat monitoring, detection, and inspection capabilities needed to prevent ransomware attacks and the exfiltration of sensitive data. Zero Trust frameworks significantly reduce the attack surface because employees and third parties only have access to the resources they need at any given time.

Zero trust is a strategy that facilitates digital transformation. It requires a commitment from across the organization and requires a shift in mindset, executed diligently. However, the bonus is that companies that successfully implement zero-trust security will be much stronger at fighting ever-evolving threats like ransomware and emerge as truly cyber-resilient organizations.
