Ransomware: To Pay or Not to Pay?

This week, the barrage of ransomware has once again reached global proportions. Petya, like WannaCry, will not be the last ransomware we encounter. The vulnerability of our systems, and the flash fire that an exploit in some distant land can spread across the planet, is a scary reality. The wayward click of an unsuspecting user in Ukraine (or some other country) can create a problem that reaches virtually every shore. Our weakest point is literally every point that is connected to the internet. In this era, it is incumbent upon every company, and every person, to do their fair share of vulnerability hygiene to protect all of us. Knowing which systems are vulnerable is therefore a key insight, and COMPAREX has the tools and the expertise to help.

Mukul Chopra, Digital Transformation Center Director at COMPAREX

An article by Mukul Chopra, Director of Digital Transformation Center Security at COMPAREX

What is ransomware?

Unfortunately, most people are now familiar with ransomware; the headlines scream it every day. Ransomware encrypts important documents and files on infected computers, and the perpetrators then demand a ransom (usually in Bitcoin) for the digital key needed to unlock the files.

Why is ransomware so big?

Simply put: Because it makes a lot of money for the criminals.

By some estimates, ransomware payments exceeded $1.5 billion in 2016, compared to only about $325 million in 2015. The staggering increase is proof that the ‘bad actors’ are succeeding. The average ransom in 2015 was the equivalent of $295. In 2016, it was almost double at $679, and it is projected to be in excess of one thousand dollars in 2017. Ransomware is so lucrative that Malwarebytes estimates that 60% of all malware observed in 2016 was ransomware.

Ransomware-as-a-Service?

Yes, you can actually buy Petya (and other malware including a variant called “Mischa”) in a bundle, complete with instructions on how to use it.

“One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85 percent of the paid ransom amount, while 15 percent is kept by the malware authors,” said Jakub Kroustek, Threat Lab Team lead.

We are already seeing new malware variants like “Jigsaw” which encrypts the files and then starts releasing them or deleting them, to put added pressure on the victim to pay up. Expect new and innovative ways in which criminals are likely to use “incentives” to make you pay. Criminals are morphing, changing and innovating just like the rest of us.

How should I protect against ransomware?

Patch, patch, patch. Make sure that you have installed the latest bug fixes. Software is not perfect, and there is a constant battle to close loopholes in existing software. In the case of Petya, Microsoft released a patch in March 2017 that would have prevented the infection. The exploits you hear about all involve systems that were not patched in time.

Back up data. And make sure that you test the restore capabilities of your systems.

Teach your users to “Think before you click”. Users remain the weak link in many organizations. Security awareness training is a necessity, not a luxury.

If you make the payment, can you restore your data?

In previous outbreaks – and there have been many – paying the ransom amount did result in getting a decryption key to restore your data.

In the case of the current Petya outbreak, the address where payments need to be sent is no longer active. So, desperate companies are sending Bitcoins to a defunct address and have zero chance of getting the decryption key!

Should you pay the ransom?

The answer depends on how valuable your data really is, and on whether you have effective means to restore the data.

In a recent survey, IBM asked 600 business leaders if they would pay to get their data back. Twenty-five percent said that they would be willing to pay up to $50,000 to get their data back.

Joseph Bonavolonta, Assistant Special Agent in charge of the FBI’s Cyber & Counter Intelligence Program, concurs: “To be honest, we often advise people just to pay the ransom.”

In February 2017, Hollywood Presbyterian Medical Center in Los Angeles paid nearly $17,000 to unlock the hospital’s computer network. Frankly, many businesses have no option. Some look at the cost of payment as being lower than that of recreating the data, thus justifying payment.

Others argue against payments. “Caving in to the demands of cyber-extortionists only reassures them of their strategy and perpetuates the threat cycle”, says Bharat Mistry, cybersecurity consultant at Trend Micro.

Regardless, IT departments are now stocking up on Bitcoins, the digital currency used to pay most of the ransoms. They are increasingly of the opinion that it is simply better to be prepared.
 

Do you want to detect security vulnerabilities in your IT environment?

The COMPAREX Portfolio Management Platform is committed to closing the security gap caused by mismanaged or unknown software installations.


Leipzig, 29.06.2017
