A poll of 8,571 individuals conducted on Twitter by Menlo Security suggests business and IT leaders are becoming more inclined to accept financial losses rather than cave to ransomware demands.
A full 79% of respondents said they would not pay ransom to regain access to their data. Among those that would pay, however, two in five said they would pay no more than $100.
The willingness of organizations to pay ransom for their data using anonymous cryptocurrencies is becoming a flashpoint in the debate over how best to respond to the recent rash of ransomware attacks, with some lawmakers and law enforcement agencies advocating a ban on the practice. Organizations that have paid ransom to regain access to their data generally conclude that, had they not paid, the damage to the business would have been greater than the cost of the ransom. However, it’s clear that paying ransom only provides cybercriminals with a financial incentive to launch additional attacks.
In fact, it’s not uncommon for organizations that have ransomed their data to suffer additional attacks either launched by the same cybercriminals or by another entity that learned of their vulnerability to such attacks and their willingness to pay.
As is the case with most criminal activity, business and IT leaders are looking to governments to contain the current ransomware crime spree. More than two-thirds of poll respondents said there is a clear need for more government intervention and advocate for prison sentences for cybercriminals. Surprisingly, only 16% of respondents said it is unlikely cybercriminals would be apprehended.
Mark Guntrip, senior director for cybersecurity strategy at Menlo Security, noted, however, that it’s unlikely cybercriminals would be punished given the current lack of legal recourse. The official stance of the Russian government right now, for example, is that alleged cybercriminals have not committed a crime within its borders, and no extradition agreements exist with other countries where they could be indicted. During a recent summit between President Biden and Russian President Vladimir Putin, there was reportedly a discussion about some unspecified targets being off-limits. Prior to that meeting, the two countries renewed a non-binding pledge not to attack each other’s infrastructure.
Of course, Russia is not the only country that has become a haven for cybercriminals. The legal framework for indicting these individuals in any meaningful way is all but nonexistent. As such, it’s up to organizations to better defend themselves from attacks by adopting zero-trust IT architectures, noted Guntrip.
The issue that many organizations encounter, however, is that there is too much focus on malicious users when applications can also be loaded with malware, added Guntrip. IT organizations need to assume that neither individuals nor applications can be trusted. Menlo Security is making a case for a platform that isolates the client systems end users employ from data and applications.
In the meantime, IT organizations are advised to keep pristine copies of their data off-site, so that they can recover it in the event their production data suddenly becomes encrypted. The challenge, of course, is making sure the off-site copy doesn’t inadvertently get infected with the same malware cybercriminals are employing to encrypt an organization’s original data.
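One way to check that an off-site copy is still the pristine copy you made, rather than one that has been silently encrypted alongside production data, is to record a hash manifest when the backup is taken, store that manifest on separate (ideally write-once) storage, and compare the copy against it before trusting a restore. The following is an added example written for this article, not Menlo Security's or any vendor's code; the file names, directory layout and contents in `demo()` are constructed for illustration, and the 7.5 bits-per-byte entropy threshold is an assumed heuristic, not a value from the article.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# Assumed heuristic: encrypted (and compressed) data has near-uniform bytes,
# so its Shannon entropy sits close to 8.0 bits per byte; plain text and
# typical business documents sit well below this.
ENTROPY_THRESHOLD = 7.5


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Map each file (relative path) under root to its SHA-256.

    Run this when the backup is written and keep the result somewhere the
    backup host cannot overwrite; a manifest stored next to the backup can be
    rewritten by whatever rewrote the backup.
    """
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the off-site copy against the manifest taken at backup time."""
    report = {"changed": [], "missing": [], "unexpected": [], "high_entropy": []}
    present = {str(p.relative_to(root)): p for p in root.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        p = present.get(rel)
        if p is None:
            report["missing"].append(rel)
            continue
        if sha256_file(p) != expected:
            report["changed"].append(rel)
            # A changed file whose bytes now look random is the classic
            # signature of a backup that was encrypted in place.
            if shannon_entropy(p.read_bytes()) > ENTROPY_THRESHOLD:
                report["high_entropy"].append(rel)
    # Files the manifest never saw (e.g. a dropped ransom note) are also suspicious.
    report["unexpected"] = sorted(set(present) - set(manifest))
    report["ok"] = not (report["changed"] or report["missing"] or report["unexpected"])
    return report


def demo() -> tuple:
    """Constructed scenario: a small backup set verified while clean, then the
    same set after one file is overwritten with high-entropy bytes and a stray
    file appears. Returns (clean_report, tampered_report)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ledger.csv").write_text("date,amount\n2021-06-01,100\n" * 200)
        (root / "notes").mkdir()
        (root / "notes" / "memo.txt").write_text("quarterly review draft\n" * 50)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)

        # Simulate in-place encryption with deterministic pseudo-random bytes
        # (SHA-256 of a counter) so the example needs no real cipher or key.
        junk = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
        (root / "ledger.csv").write_bytes(junk)
        (root / "README_RESTORE.txt").write_text("constructed stray file\n")
        tampered = verify_backup(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean copy ok:", clean["ok"])
    print("tampered copy:", tampered)
```

The hash comparison is the authoritative check; the entropy score only helps triage which changed files look encrypted, and it will also flag legitimately compressed archives or images, so treat it as a hint rather than a verdict. The manifest itself is only as trustworthy as the storage it sits on, which is why it belongs on media the backup pipeline can write once but not rewrite.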