Victims Feel Paying Ransom is Their Only Option

By now it is no surprise that ransomware is the favored method of cyberattackers, but it’s still startling that 64% of organizations have been the victim of such an attack. Of those, 84% felt they had no other recourse but to pay the ransom.

What’s more, half have admitted they lost revenue as well as suffered damage to their reputations after an attack, according to the ThycoticCentrify 2021 State of Ransomware Survey & Report: Preventing and Mitigating the Skyrocketing Costs and Impacts of Ransomware Attacks.

Relentless assaults by ransomware operators have forced companies to spend significant amounts of money to combat them. For nearly three-quarters of respondents (72%), cybersecurity budgets increased because of ransomware threats. And almost all (93%) are earmarking funds in a special budget to fight ransomware threats.

“Advanced cyberattacks have evolved such that any organization in every industry can be targeted,” said Lookout CEO Jim Dolce.

And while that is most certainly true, cybercriminals have their eyes on certain sectors that may land them a larger payout. They “have found their sweet spot with industries such as government, manufacturing, banking and critical infrastructure,” said Timur Kovalev, CTO at Untangle.

Cyberattackers’ motivations and methods have changed, too. “Previous ransomware attacks stole or accessed data and held that hostage while demanding a ransom and threatening to leak or sell the data,” Kovalev said. “Malicious actors have recently targeted specific companies where they can cause severe disruption to service and society, in general, knowing these entities will pay the ransom to get services up and running as soon as possible.”

Not only are “ransomware actors getting increasingly brazen because they face no real consequences,” said John Bambenek, threat advisor at Netenrich, “they are getting high ransoms because the costs of being down far exceed the cost of paying the ransom.”

But paying the ransom may be exacerbating the problem. Kovalev stressed that “ransomware attacks are increasing because companies are paying the ransom,” pointing to “organizations such as JBS and Colonial Pipeline, who paid a $4.4 million ransom, although a good portion was returned.”

When cybercriminals see the large payouts, “it encourages them to strike more often and at larger, more lucrative targets,” Kovalev said.

And there’s no guarantee victimized companies will get their files or data back. “These days, there are a lot of people who are obsessed with the tactical response after a ransomware incident occurs,” said Valtix Vice President Jigar Shah. “Often, paying the ransom does not even let you recover as the attacker just vanishes and does not help free locked resources.”

At this point, said Shah, “the major costs are on how to recover and rebuild.”

Traditional security measures don’t address advanced modern tactics used in these attacks because they simply can’t keep up. “Threat actors are always trying to think a step ahead, and their tactics are constantly evolving,” said Dolce. “Security teams need to modernize their security posture by proactively implementing practices and tools across all corporate endpoints to mitigate the risk of these attacks before they can even get started.”

There has been some success in tracking payment methods to attackers, though. “This is an interesting development, as cryptocurrency has always had the reputation of complete anonymity,” said Rita Gurevich, founder and CEO of Sphere. “‘Follow the money’ has always been an investigative technique of law enforcement, and as ransomware attacks increase, the demand for proficiency in blockchain and cryptocurrency should continue to increase, as well.”

That effort and other recent actions by the government and private sector “have changed the narrative from one of response to prevention of ransomware attacks,” she said. “The focus for IT and security professionals is now on ensuring backups are in place, increasing training for users and an effective access governance model. IT and security professionals also need to adapt to their new environment, where the skillset they successfully employed a few years ago may not suffice against the sophisticated ransomware attacks of today.”

 


Teri Robinson
