[BreachExchange] Privacy and security: Should you pay ransom to recover your corporate data?

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 8 19:10:05 EDT 2017


The Federal Bureau of Investigation (FBI) reported that it received more
than 2,400 ransomware complaints in 2015, with a reported loss of more than
$24 million for victims of this cyber-scheme.

Unfortunately, these numbers have risen in recent years, and while 2016
data is not yet available, the FBI reported in early 2016 that it expected
that trend to continue. Employers must understand what ransomware is, how
to keep their data from being held hostage, and how to respond if they do
suffer an attack.

What is it?

Once ransomware infects a computer, it holds a user’s data hostage until a
ransom is paid. Ransomware is most likely to infect a computer after a user
clicks on a link or attachment from an email that appears to be from a
trusted sender and includes a seemingly legitimate request.

From there, the infection begins to spread, encrypting data on the infected
computer, and possibly even on other computers attached to the same
network. A message will typically appear advising the user that data is
being held hostage and asking for payment in exchange for a decryption key.
Users that don’t pay within a certain timeframe risk losing their data.

Is there another option?

Some companies have comprehensive and recent system backups and can restore
data without paying a ransom. This still comes with the costs of
restoration and lost productivity, but is an option that keeps the company
in control.

Most ransomware victims end up paying the sum demanded by ransomware
criminals, which is typically one the target can afford relatively easily.
The average ransom amount was just $679 in 2016, though that figure is an
average including both individual and corporate targets.

However, the FBI doesn’t recommend that entities pony up for a ransomware
request. The Bureau reminds people that paying encourages ransomware
criminals to continue their scams. Paying the ransom could even encourage
criminals to target the same organization again. The FBI also notes that
not all such cybercriminals have the scruples to actually unlock a victim’s
data, even after the ransom is paid.