Ransomware: Should you pay the ransom?
Interview | Martin Charagu, CSAD Security Consultant – Rapid7
Ransomware attacks are growing in size and frequency globally. In 2021 alone, ransomware attacks cost businesses $20 billion, and, at the current rate of growth, this is expected to rise to $265 billion by 2031.
Ransomware attacks are so effective and debilitating for organisations that most will pay the ransom just to regain access to their files and systems as quickly as possible.
Whether or not to pay the ransom is a difficult decision that is affected by different factors, such as the sensitivity of the data or the availability of working backup mechanisms. Even if an organisation does pay the ransom, there is never a guarantee that it will achieve total restoration of its data, or any restoration at all. Research shows that only 65% of data is recovered and only 8% of organisations manage to recover all encrypted data.
Reasons why organisations should not pay the ransom
Law enforcement agencies recommend that organisations do not pay the ransom, because paying encourages further criminal activity, and ransomware attacks will continue to increase.
In addition, paying the ransom makes an organisation a target for future attacks, as it has proven that it will follow the attackers' demands. These organisations could also find themselves in a difficult legal situation, as the money paid to the attacker is assumed to be used to fund other illegal activity, making the organisation complicit in future crimes.
What do these attacks cost the African continent, and which countries are at risk?
According to a report by Palo Alto Networks, the average ransom has increased to upwards of $300,000, and is projected to go beyond this value as attacks and techniques evolve.
Interpol’s African Cyberthreat Assessment Report highlighted more than 1.5 million ransomware detections in 2020. In the first quarter of 2021, Egypt, South Africa, and Tunisia were the most-targeted countries – with Egypt alone experiencing 35% of all ransomware detections in Africa.
What should organisations do to avoid being attacked?
While there is no guarantee that an organisation will not be targeted, mitigating the risks involved in a ransomware attack is possible, and includes elements such as:
- Maintaining a proper working backup. Organisations should carry out backup and recovery exercises, and ensure that data backups are stored on a secure, separate network to thwart potential network attacks.
- Reducing the available attack surface. This is one of the most successful ways of preventing ransomware and other related attacks, and products such as those from Rapid7 can help with incident detection, vulnerability assessments, and threat intelligence, giving organisations as much proactive protection against ransomware attacks as possible.
- Cyber security awareness training. Encouraging security teams and employees to be vigilant and aware of different attack vectors by offering continuous training and assessments reduces the risk of vulnerabilities that leave an opening for attacks.
- An incident response and continuity plan. This allows organisations to better prepare for ransomware and other similar attacks.
Mitigate the risks and be aware of cyberthreats
Ransomware and other cyberattacks are set to continue their growth globally, and the best approach any organisation can take is a proactive one. Ensuring that employees are trained and aware of threats, implementing security products, and establishing continuity plans will help organisations reduce potential vulnerabilities and minimise the opportunities that threat actors have to compromise their systems.