Article author:
The Canadian Press
THE CONVERSATION
This article was originally published in The Conversation, an independent, non-commercial source of news, analysis and commentary by academic experts. rice field. Disclosure information is available at the original site.
——
Author: Michael Parent, Professor of Management Information Systems, Simon Fraser University
highlights the ongoing scourge of
Ransomware is a type of malware (malicious software) that infiltrates information systems and steals computers or their devices until the victim pays to obtain the keys or passwords. Block access to files. The term ransomware wasn't in common lexicon until about a decade ago (it was added to the Oxford English Dictionary in 2018).
Now that it has evolved, in 2021 he had 3,729 ransomware complaints registered, costing him US$49.2 million in designated critical infrastructure alone. . Average ransomware payouts rose 82% to reach a record $570,000 in the first half of 2021.
And the situation is only getting worse. The FBI's Internet Crime Complaint Center reported 2,084 ransomware complaints from January 2021 through July 31. This is a 62% increase over the previous year.
For any organization, cyberattacks are a question of "when," not "if." Cyber attacks are inevitable. This forces leaders to ask themselves if they are willing to pay the ransom.
About half of all organizations choose to pay the ransom. But that also means about half aren't. What makes this a particularly thorny problem is the lack of a correct answer or clear structure. So the problem becomes: Under what conditions should the ransom be paid and what factors will help the leader make this decision.
Block Access
There are four core actions that ransomware can perform, embodied in the acronym LEDS: Lock, Encrypt, Delete ,steal. Ransomware can lock or prevent access to data and information systems, requiring a key to unlock. Similarly, access can be granted, but the data is gibberish as it is properly encrypted and requires a decryption key to make it readable. The data can be deleted (erased) on the spot or sold to the highest bidder.
It is the multiple deployment of these effects that makes today's ransomware attacks particularly pernicious and insidious.
Once malware is installed on an organization's system, criminals typically contact victims via anonymous email or the malware itself (a pop-up window) and offer immediate ransom payment in cryptocurrency. demand and usually threaten. more harm.
Paying the ransom may provide the decryption key. Enter this in the pop-up window and your system and encrypted stuff will be unlocked instantly.
Considerations Before Payment
There are two aspects he should consider when deciding to pay a ransom. A business decision and an ethical decision.
Law enforcement agencies such as the FBI and RCMP categorically advise never to pay the ransom. There are two good reasons for this. The first is to reward and encourage criminal behavior. Second, if the hacker community finds out that an organization is willing to pay, it can put them in even more danger.
That doesn't mean there will be no more crime, but you could be targeted more.
Paying a ransom is not a crime if the perpetrator is not a known terrorist organization. This could change as some countries, notably the United States, have proposed enacting sanctions compliance laws that would criminalize all cyber ransom payments. Hmm. As such, hackers often identify themselves as victims.
Honest Crime
There is a compelling business case for paying ransom demands. Crime works because if you want it, it's an honest one. This means that there is a 70% chance that paying the ransom will provide a valid decryption key.
This makes sense. Criminals must show good faith and keep their promises to profit from this endeavor.
Criminals know this too. Targeted campaigns show that attackers spend an average of nearly six months inside corporate networks before executing ransomware. This is to ensure that malware has infected as many systems as possible, including backups. Identify and extract the highest value items. Leave no trace. To gather business intelligence, such as incident response plans and insurance policies. This allows you to determine the maximum amount of ransom you want.
This is the essence of business case determination. For example, let's say the cost of a ransom event is estimated by him at $500,000 (based on database size, recovery time, data validation during recovery, and other costs). A ransom demand of $250,000 is clearly the better method as it is not only cheaper but also faster than other methods.
Organizations can calculate the cost of various incidents and, in principle, decide whether they are willing to pay for each possible ransom scenario. This leads to the development of what is called the ransomware payment matrix for organizations.
Moral Aspects
But there is also a moral or ethical aspect to this decision. Paying criminals may not be consistent with your organization's core values, culture, or code of ethics. Even so, this can go wrong for the company's employees, clients, and other stakeholders.
There are many frameworks and theories dealing with workplace ethics, and leaders should utilize one or more of them. This will help you make a decision about paying the ransom. Because while paying the ransom may make a lot of business sense, it may not be the right thing for your organization.
Instead, organizations may choose to invest funds otherwise used to pay ransoms in training, cyber protection, and system upgrades and patching.
As with any decision, it is important to consider all options before a cyber attack occurs. This includes discussions with employees, customers and other stakeholders. It also includes insurance companies (who are increasingly reluctant to insure against ransomware events) and law enforcement.
Accepting the inevitability of cyber-attacks and thoroughly investigating different scenarios will help you not only prepare for an attack, but also respond more effectively when an attack occurs. It has the double effect of enabling
——
Michael Parent does not work for, consult with, own shares in, or receive funding from any company or organization that benefits from this article. schedule.
-
This article is reprinted from his The Conversation under a Creative Commons license. Disclosure information is available at the original site. Read Original Article: https://theconversation.com/before-paying-a-ransom-hacked-companies- https://theconversation.com/before-paying-a-ra