There is a growing debate between giving in to the extortion committed by cybercriminals or suffering the consequences. Within this complex scenario, ransomware is one of the main risks that companies must face, and it does not seem likely to ease any time soon. The ransomware industry's growth has been exponential, doubling its attacks in 2021 as it embraces new technologies, automates execution, develops new business models (like RaaS), and leverages software vulnerabilities or social engineering techniques.
It is important to note that ransomware attacks are no longer limited to rendering services unusable through encryption; as an additional measure, attackers also exfiltrate data, which generates a double threat of blackmail for their victims. Some of the most active malware on the market, such as REvil or Conti, offers services that even true technology laymen hire. In other words, the operators make almost automatic mechanisms available to their clients to choose attack vectors, manage the launch of malware, manage the blackmail process and even select payment methods.
Source: Cloudwars.net
A quarter of the companies that suffered a cyberattack paid the ransom, according to data extracted from the annual report on global security by CrowdStrike. The primary reason is “immediate recovery of control”, since some services or data essential to them are under siege. Also, “the risk of public disclosure of confidential information or the impact on the image that the fact of having been attacked could have for the company” was cited as one of the main reasons to pay ransom after a cyberattack.
Paying should never be an option.
Consenting to pay a ransom may be illegal to the extent that it involves a violation of the law in various respects, as it can be seen as collaboration with gangs or money laundering. In addition, ransom payment most commonly occurs through anonymous transactions using bitcoins or other types of cryptocurrencies. Given this, company sources explain that in this type of process neither the traceability of the payment nor its possible recovery is guaranteed, so all payments made in bitcoins will be lost forever if the process is not completed successfully. Also, remember that data recovery becomes a matter of trust in the cybercriminal: the data is digital, and nothing prevents offenders from duplicating it and reusing it in fraudulent sales to interested third parties.
Threats keep evolving, and attacks never get better; they always worsen. So organizations need to divert their efforts away from building impenetrable systems and instead develop a response plan, focusing on early detection and risk mitigation by enforcing their data handling policies to protect sensitive information.
If your data has been exposed on a ransomware extortion site, “it’s important to assess the value of this leaked data and determine if any additional controls should be put in place to decrease the risk of an adversary using this data in the future,” said Daniel Kapellmann, Mandiant senior technical analysis manager.