Ransomware: To Pay or Not to Pay?

This week, the barrage of ransomware has once again reached global proportions. Petya, like WannaCry, will not be the last ransomware we will have to encounter. The vulnerability of our systems, and the flash fire that can engulf the planet, with an exploit in some distant land – is a scary reality. The wayward click of an unsuspecting user in Ukraine (or some other country) can create a problem that reaches virtually every shore. Our weakest point is literally every point that is connected to the internet. In this era, it is incumbent upon every company – and every person – to do their fair share of vulnerability hygiene, to protect all of us. Knowing which systems are vulnerable, is therefore a key insight, and SoftwareONE has the tools and the expertise to help.

Unfortunately, most people are now familiar with ransomware, the headlines scream it every day. Ransomware encrypts important documents and files on infected computers and then the perpetrators demand a ransom (usually in Bitcoin) for the digital key needed to unlock the files.

Simply put: Because it makes a lot of money for the criminals.

By some estimates, ransomware payments exceeded $1.5 billion in 2016. This is compared to only about $325 million in 2015. The staggering increase is proof that the ‘bad actors’ are succeeding. The average ransom in 2015 was the equivalent of $ 295. In 2016, it was almost double at $ 679 and is projected to be in excess of one thousand dollars in 2017. Ransomware is so lucrative that Malwarebytes estimates that 60% of all malware observed in 2016, was ransomware.

Yes, you can actually buy Petya (and other malware including a variant called “Mischa”) in a bundle, complete with instructions on how to use it.

We are already seeing new malware variants like “Jigsaw” which encrypts the files and then starts releasing them or deleting them, to put added pressure on the victim to pay up. Expect new and innovative ways in which criminals are likely to use “incentives” to make you pay. Criminals are morphing, changing and innovating just like the rest of us.

Patch, patch, patch! Make sure that you have installed the latest bug fixes. Software is not perfect. There is a constant battle to close loopholes in existing software. In the case of Petya, Microsoft released a patch in March 2017 that would have prevented the infection. All the exploits that you hear are systems that were not patched in time.

Back up your data. And make sure that you test the restore capabilities of your systems.

Teach your users to “Think before you click”. Users remain the weak link in many organizations. Security awareness training is a necessity, not a luxury.

In previous outbreaks – and there have been many – paying the ransom amount did result in getting a decryption key to restore your data.

In the case of the current Petya outbreak, the address where payments need to be sent, is no longer active. So, desperate companies are sending Bitcoins to a defunct address and have zero chance of getting the decryption key!

The answer depends on how valuable your data really is? And whether you have effective means to restore the data.

In a recent survey, IBM asked 600 business leaders if they would pay to get their data back. Twenty-five percent said that they would be willing to pay up to $ 50,000 to get their data back.

Joseph Bonavolonta, Assistant Special Agent in charge of the FBI’s Cyber & Counter Intelligence Program concurs: “To be honest, we often advise people just to pay the ransom.”

In February 2017, Hollywood Presbyterian Medical Center in Los Angeles paid nearly $17,000 to unlock the hospital’s computer network. Frankly, many businesses have no option. Some look at the cost of payment as being lower than that of recreating the data, thus justifying payment.

Others argue against payments. “Caving in to the demands of cyber-extortionists only reassure them of their strategy and perpetuates the threat cycle”, says Bharat Mistry, cybersecurity consultant at Trend Micro.

Regardless, IT departments are now stocking up on Bitcoins, the digital currency used to pay most of the ransoms. They are increasingly of the opinion that it is simply better to be prepared.