Please Don’t Pay the Ransom
November 30, 2016 by Bill Rosenthal

In October, SentinelOne, a cybersecurity company in Palo Alto, sponsored a survey of 500 cybersecurity professionals worldwide. The survey was limited to firms with 1,000 or more employees, and it found that half of them had responded to at least one ransomware campaign in the past 12 months. Of those, 85% reported suffering three or more attacks.

The bad news, then, is that ransomware attacks have multiplied substantially over the past year or so. The worse news is that we seem to only be at the beginning of this trend. SentinelOne’s press release on the study quotes Jeremiah Grossman, SentinelOne’s Chief of Security: “We don’t expect the ransomware epidemic to slow down anytime soon. The situation is likely to get far worse, as some of the ill-gotten gains will be invested into research and development designed to improve encryption strength and utilize new delivery methods, as witnessed with Locky.”

In other words, there are still a lot of amateurs in the ransomware game, but they are gaining in sophistication, and we are witnessing the birth of a virtual industry.

Here’s something to remember about ransomware. When you pay the ransom, you are almost certainly helping to fund the development of more advanced and sophisticated attacks and making the world a more dangerous place for all businesses. So, if you’re not concerned enough to protect your own organization from ransomware attacks, at least be concerned enough not to make it tougher on everybody else.

According to the findings, 83% of the organizations that suffered ransomware attacks said the attackers got in through phishing emails or social media, and more than half (59%) said they got in via drive-by downloads when users visited compromised websites.

As long as computer networks are being used by human beings to get their work done, there is very little prospect of a technological cure for this. Just as there are no technological cures for garden-variety con jobs, whether they present themselves online, by telephone, or in person, there is no technological cure that prevents ransomware attacks, and for the same reason. Most ransomware attacks begin with a con: a message that gets someone to open an attachment, follow a link, or visit a site they should not. If you can spot the con, you can stop the attack before it starts. The drive-by cases are the reason patching and the other technical controls still matter, but they do not replace an alert user.

There are some excellent resources available to help you. Verizon Enterprise Solutions, publisher of the annual Data Breach Investigations Report, is now publishing a monthly Data Breach Digest, and the November 2016 issue contains some important tips, both technological and administrative, for protecting your organization. I urge you to download and make use of it.

The tips in the Data Breach Digest are thoughtful, but there is really no substitute for learning to recognize and avoid the threat. And that means training. Make sure your employees know how to browse the web safely, use email securely, use social networking securely, and use cloud services securely. Even with all the news stories about data breaches and ransomware, too few employees know of the dangers of social engineering, much less how to detect it. A program like Logical Operations CyberSAFE builds an understanding of basic social engineering tactics, as well as the ways in which they can be used to compromise a network. CyberSAFE Anytime delivers this learning through a broad spectrum of instructional techniques, including video learning, peer-to-peer learning through social communities, checklists for on-the-job support, assessments that check for understanding, and much more — all under the guidance of a qualified instructor.

Don’t pay the ransom. Don’t even risk the attack. Train your employees to recognize the ransomers, and they will be your first line of defense.