[BreachExchange] Disruption From Ransomware Attacks Bigger Issue For Businesses Than Payment Demands

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 28 19:21:21 EDT 2017


http://www.dynamicbusiness.com.au/technology/disruption-
from-ransomware-attacks-bigger-issue-for-businesses-
than-payment-demands.html

The importance of having well-functioning IT systems that support business
processes has pushed cybersecurity up the priority lists of businesses
around the world. They realise the impact of technology outages can be
significant financial and reputational loss.

While attention has traditionally focused on blocking threats such as
viruses and worms, it’s now shifting to the rapidly evolving area of
ransomware. These attacks involve the infection of a firm’s key IT systems
by malicious code that encrypts data files, making them unusable. The
criminals responsible then demand payment in exchange for the key needed to
decrypt the data.

Ransomware can be delivered in a variety of ways. The code might arrive in
an email attachment or be inadvertently downloaded when a staff member
visits an infected website. Some users fall victim to a phishing attack
where an email message looks to have come from a legitimate source but has
in fact come from a criminal. Opening an attachment or clicking on a web
link within the email is all it takes to launch the attack.

It’s a very real and growing problem. According to a survey by US-based
Osterman Research of companies in Australia, the United States, Canada,
Germany and the United Kingdom, 73 per cent of those surveyed admitted they
had fallen victim to a cyberattack during the previous 12 months.
Alarmingly, 39 per cent of respondents confirmed they had been the victim
of a ransomware attack in the same period.

THE IMPACT OF RANSOMWARE

For businesses of all sizes, a ransomware attack can have a significant
impact on operations. Client files and financial accounts needed for
day-to-day activities may suddenly become unavailable. Compliance records
required to demonstrate adherence to government or specific regulations
could be lost.

As a result, the disruption caused can be much more of an issue than any
demands made by the criminals for payment. The Osterman survey found 81 per
cent of companies that had experienced a ransomware attack faced payment
demands of $1000 or less. Just 4 per cent faced demands for more than
$10,000 and none had demands for payments of more than $50,000.

Compare these amounts with the cost to your organisation if regular
operations had to be halted for 24 hours. What if that time pushed out to a
week? The survey found 22 per cent of Australian businesses that suffered a
ransomware attack had to cease their operations immediately. Of those, 71
per cent confirmed the infection caused nine or more hours of downtime,
with 20 per cent admitting their systems had been down for up to 100 hours.

THE DECISION TO PAY

When a company is hit with a ransomware attack, a decision must quickly be
made as to whether the ransom demand should be paid or ignored. Among
Australian respondents to the survey who had experienced an attack, 55 per
cent confirmed they did not make any payment. Of those opting not to pay,
40 per cent confirmed they lost data as a result of the decision.

Asked broadly whether any organisations should pay the criminal’s demands,
58 per cent of Australian respondents said this should never be done. A
further 40 per cent felt the decision to make payment should be based on
what had been encrypted and its value to the business. Just 2 per cent
thought payments should always be made.

In the end, the decision will have to be made by every business that
suffers a ransomware attack. The amount demanded has to be weighed against
the financial impact the organisation will suffer from losing access to
core data.

However, it should also be recognised that making payment to the criminals
does not guarantee access to data will be restored. There have been cases
where the provided decryption keys have not worked, or no response has been
forthcoming after the demanded amount has been provided.

PRE-EMPTIVE ACTION IS KEY

Clearly, it’s far better for a business to avoid a ransomware attack than
have to deal with the resulting fallout. This is certainly the case in the
waste management sector where disruptions and downtime quickly have a
flow-on impact for staff and customers.

The Osterman research found Australian businesses are using a range of
strategies, both to minimise their chances of falling victim and to ensure
they can quickly respond if an attack does occur.

Strategies include ensuring regular backups are made of critical data and
those backups are stored separately from production systems. There’s little
point having a backup if it too can be accessed by the malware and
encrypted.

Firms are also putting in place traditional email security solutions and
implementing network segmentation to stop the spread of malicious code
should it enter the firm’s infrastructure.

Another important step is to educate all staff about the risks associated
with ransomware attacks and the potential ways in which they can occur. By
ensuring they are aware of the risks of suspicious email attachments and
visiting unusual websites, the chance of an attack taking place can be
reduced.

The ransomware threat shows no sign of abating, and so Australian companies
must give more attention to their preparation and response capabilities.
Through deploying appropriate tools, undertaking regular backups, and
educating staff, they can ensure they are best placed to withstand an
attack if it occurs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170828/6e44a278/attachment.html>


More information about the BreachExchange mailing list