CPECN

80% of companies that pay ransom suffered second ransomware attack

By Associated Press   

If your company falls victim to ransomware and you want simple advice on whether to pay the criminals, don’t expect much help from the government. The answer is apt to be: It depends.

In a survey of nearly 1,300 security professionals, Cybereason found that 4 in 5 businesses that chose to pay ransoms suffered a second ransomware attack.

“We strongly discourage the payment of ransoms,” Eric Goldstein, a top cybersecurity official in the Department of Homeland Security, told a congressional hearing.

But paying carries no penalties and refusing would be almost suicidal for many companies, especially the small and medium-sized. Too many are unprepared. The consequences could also be dire for the nation itself. Recent high-profile extortive attacks led to runs on East Coast gas stations and threatened meat supplies.

The dilemma has left public officials fumbling about how to respond. In an initial step, bipartisan legislation in the works would mandate immediate federal reporting of ransomware attacks to assist response, help identify the authors and even recoup ransoms, as the FBI did with most of the $4.4 million that Colonial Pipeline recently paid.

President Joe Biden got no assurances from Russian President Vladimir Putin in Geneva last week that cybercriminals behind the attacks won’t continue to enjoy safe harbour in Russia. At minimum, Putin’s security services tolerate them. At worst, they are working together.

Energy Secretary Jennifer Granholm said this month that she is in favour of banning payments. “But I don’t know whether Congress or the president is” in favour, she said.

And as Goldstein reminded lawmakers, paying doesn’t guarantee you’ll get your data back or that sensitive stolen files won’t end up for sale in darknet criminal forums. Even if the ransomware crooks keep their word, you’ll be financing their next round of attacks. And you may just get hit again.

Data indicate that most ransomware victims pay. The insurer Hiscox says just over 58 per cent of its afflicted customers pay, while leading cyber insurance broker Marsh McLennan put the figure at roughly 60 per cent for its impacted U.S. and Canadian clients.

But paying doesn’t guarantee anything near full recovery. On average, ransom-payers got back just 65 per cent of the encrypted data, leaving more than a third inaccessible, while 29 per cent said they got only half of the data back, the cybersecurity firm Sophos found in a survey of 5,400 IT decision-makers from 30 countries.

(Associated Press)
