Your money or more strife? It never pays to negotiate with cyber-criminals
With a number of high-profile cyber-attacks making headlines in recent months, companies across the world have been left reeling as the cyber-crime crisis continues to increase in strength and severity.
It seems that hardly a day passes without another company being flagged as the latest victim of a crippling cyber-attack in what has become a virtual world war being waged over the web. And despite the perceived transparency of well-known names admitting to falling foul of the fraudsters, it is unclear how many other businesses have been affected.
Meanwhile, the cyber-crime network seems to be gathering more and more momentum, devising increasingly sophisticated and consistent attacks. In fact, cyber-attacks have become so prevalent, companies are now stockpiling bitcoins in anticipation of becoming the next target of a ransomware attack.
In June this year, a South Korean web hosting company made history by agreeing to hand over $1 million (£750,000) in cryptocurrency to end an eight-day outage and recover their data. But is negotiating with cyber-criminals foolish or just a fact we have to face up to?
It is thought that as many as two-thirds of businesses are now paying out on cyber-crime ransoms in a bid to retrieve data that has been encrypted and held hostage by criminals. But by doing this, companies are running the risk of playing right into the hands of the hackers and opening up the floodgates for more frequent and more severe breaches in the future.
Cyber-crime is now a huge underground industry in which hackers operate ‘professional networks’ with the sole aim of generating large-scale incomes. It’s not just ransom pay-outs that make cyber-attacks lucrative. For those preying on unsuspecting victims, the data itself can be extremely valuable and therefore incredibly profitable.
For example, imagine a governmental organisation that has its emails hacked, as was the case recently when over 90 accounts were compromised at the UK Parliament. It’s not just the inconvenience of the attack itself, and the resulting costs, downtime and reputational damage, but the ramifications of leaked information, and where the data may end up. Such material can be priceless to fraudsters, and there is every possibility that in the wrong hands it could adversely affect a country’s national security, economy, and political negotiations – and even lead to war.
Paying cyber-criminals to unleash your data from their grip is, ultimately, a futile exercise which breeds opportunities for them to expand, and gain a further advantage over innocent and unsuspecting victims.
Even if your data is recovered following a pay-out, can you ever really trust somebody whose sole purpose was to dupe you? The short answer is “no”. Not only are you running the risk of gambling with the croupier and the casino, but you are helping to fuel future attacks, and allowing fraudsters to continue in their quest to nix networks, sever software and conquer content.
Staying out of the cyber-attack economy by refusing to yield to ransomware payments is one of the best ways to minimise its future development and aid the fight against fraudsters. Instead of paying cyber-ransoms, companies need to prepare themselves not for the ‘ifs’, but for the ‘whens’, and for how their systems are likely to be breached. And in doing so, their preparation has to be strategic, and their armour ironclad.
A company’s plan shouldn’t be focused on an attempt to avoid attack altogether. Instead, it should aim to safeguard systems through the strength and quality of its backup and data recovery solutions, and through their effectiveness in mitigating the fallout from attacks and retrieving information as quickly as possible without playing into the hackers’ hands.
There’s every possibility in the future that a cyber-attack will result in the ‘corporate assassination’ of a large-scale and prominent multinational company – the magnitude of which could ricochet around the world causing unprecedented damage. At its very worst, data theft has the potential to cause an unimaginable catastrophe – and that’s a cost no one should have to pay.
Contributed by Daren Oliver, managing director of Fitzrovia IT
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.