
Ransomware: Four Ways to Assess This Growing Threat as a Business Risk

Contending with hostage situations is no longer something only shipping companies moving goods through pirate-infested waters must consider. With the growing threat of ransomware – malware that locks data until an enterprise pays for its decryption – businesses across industries have found themselves negotiating with criminals to release critical corporate information. 


One such victim of ransomware was Hollywood Presbyterian Medical Center, a Los Angeles hospital that recently paid $17,000 to unlock systems taken hostage by criminals. During the attack, the hospital staff reverted to paper records and diverted many high-risk patients to local hospitals. With so much of an organization’s operations dependent on computer and internet access, losing the ability to reach these systems can be catastrophic.

When data or software is inaccessible, it can slow business operations, cost a company money and damage an enterprise’s reputation. Because of this, it’s critical for business leadership to address the growing threat of ransomware as a business risk rather than a siloed IT issue. 

When an incident occurs, time is critical. The longer an organization waits to respond, the longer its business functions and reputation could suffer. So it’s important that businesses create a response plan for a ransomware incident before an attack occurs, including criteria for determining whether or not to pay to unlock data. Ultimately, the choice to pay or not is a business decision that requires considerations from across the organization and must be debated and agreed upon ahead of time. 

While the calculus of each business will be different, there are several steps companies should take now, before a threat occurs. Considering these factors before an attack will not only aid in response but also show customers, stakeholders and the public that the enterprise has a well-reasoned strategy for dealing with ransomware incidents. 

When creating a plan and considering whether to pay ransoms, enterprises should consider the following items:

1. Back-up and Imaging of Data – With the exponential growth of corporate data, it’s difficult for enterprises to know what information they have and where it’s stored. However, this knowledge is critical to determine whether to pay a ransom. If a company has a solid backup of the data taken hostage, it may be able to restore a new copy from that backup without needing to pay the criminals.

2. Importance of the Data – Organizations should take inventory of their data and systems, identifying the operationally critical pieces and then deciding how much they can spend to release the data in the event of an attack. Determining specific criteria beforehand will make responding to a ransom request easier should an attack occur.

3. Reputational Damage – It’s never good when criminals take an organization’s data hostage, but it can be particularly bad for an organization devoted to protecting and serving communities, like law enforcement departments and hospitals. In addition to the importance of compromised data, enterprises should consider how their response to a ransomware attack will affect their reputation with customers, partners and shareholders. 

4. Consider the Liability – While paying a ransom may be the easiest way to release compromised data, there’s never a guarantee that criminals will release the information – you are dealing with professional thieves, after all. But according to the FBI, most organizations that pay the ransom do get their data back. Another argument holds that paying ransoms only encourages criminals and enables them to refine their attacks. However, it’s equally possible that your organization may become a less attractive target, because the company will be more aware and will harden its systems against attacks.

Once a ransom is paid and an enterprise’s data unlocked, regular business functions can resume. But it’s important for the company to address potential fallout from an attack and the company’s reaction. Enterprises should consider how best to communicate their decision to customers and their industry, engage stakeholders and strengthen security to prevent another attack. 

It’s important for organizations to think through these hypotheticals before an incident rather than during an attack. Having a clear response plan to help determine whether to pay to unlock compromised data will help organizations deal with an attack rationally and come to the best possible decision. 
