More Than Half Say They Might Pay Off Ransomware Attackers
According to a study conducted by the Neustar International Security Council, 60% of businesses would consider paying a ransom to ransomware attackers in the event of an attack. Of the businesses surveyed, only 1 in 5 would be willing to raise annual expenses by 20% to repair the damage caused by such attacks.
Furthermore, 80% of respondents are strongly in favor of defending against ransomware attacks. Effective defense would prevent the halting of operations or the payment of ransoms. 69% of respondents view ransomware as a top concern compared to other attack vectors. In light of recent ransomware incidents, many are giving special attention to cybersecurity and how to implement more protection in their operations.
The Ransom Debate
The FBI warns the public that paying ransoms to threat actors will encourage them to attack again; however, recent ransomware attacks have all resulted in ransom payments. While some strongly believe that paying a ransom is never the right approach, there are also matters of business survival and national infrastructure maintenance that are necessary to consider. In the event that an attacker encrypts a company’s systems, the company will be unable to function or conduct business without a decryption key. Decryption of encrypted data is a time-consuming task even with a decryption key, let alone without one. Decryption keys are offered by ransomware attackers in exchange for a ransom payment.
The recent ransomware attack on Colonial Pipeline demanded a ransom in exchange for a decryption key, and the largest U.S. pipeline agreed to the exchange. This was after fuel-shortage-induced panic spread rapidly through the U.S. northeast. JBS Foods, a meat processing company, was also the victim of a ransomware attack that forced it to shut down its servers to protect the integrity of its systems. The company also paid a ransom to its attackers.
While the above examples show the possible catastrophic outcomes from following the FBI’s suggestions, there is also the case of Vastaamo. The Finnish mental health startup paid ransom, but had a very different outcome. Vastaamo offered a streamlined approach to mental healthcare, where patients and therapists could connect on an online network to schedule appointments and keep notes. Notes included private psychotherapy session details, including sensitive topics such as pedophilic thoughts, infidelity, and more. Patients ranged from civilians to politicians, and the attacker not only demanded ransom from the company but from individuals as well. Under threat of exposure, patients scrambled to pay off their ransom while the company allegedly did the same. Nonetheless, the stolen database was still released to the public, and Vastaamo was forced to shut down.
The story of Vastaamo is not only a warning to companies to take cybersecurity seriously, but also to the public about what paying a ransom cannot ensure. There is no guarantee that an attacker will keep their end of an agreement, and paying a ransom encourages further ransomware attacks. Ransomware is considered one of the most lucrative ways for hackers to attack, and continuing to pay ransoms will keep it that way.