Does it pay to pay ransomware? It depends..

Sometimes lives are at stake, but it doesn’t need to reach that point  
Does it pay to pay ransomware? It depends..
Sam Curry, chief security officer, Cybereason

Cybereason recently published results of their second annual ransomware study which surveyed 1456 cybersecurity professionals across nine countries, including the UAE.

It revealed that 77 percent of UAE organizations suffered at least one ransomware attack over the past 24 months.  It also showed that 90 percent of UAE organizations that paid were hit by ransomware a second time, with 83 percent saying the second attack came in less than 30 days from the first and 78 percent reporting demand for a higher ransom amount.

Some 70 percent of UAE companies (16 percent higher than the global average) said attackers were after customer data and 85 percent of businesses (19 percent higher than the global average) were forced to temporarily or permanently suspend operations following a ransomware attack.

 Around 92 percent of organizations admitted that ransomware gangs were in their network between one month to a year before they discovered them. This points to the double extortion model where attackers first steal sensitive data and then threaten to make it public if the ransom demand is not paid.

Economy Middle East had the following interview with Sam Curry, Chief Security Officer, Cybereason, where we asked:

Does it pay to pay when businesses are faced with paying ransomware?

The bottom line is that you can’t pay your way out of ransomware. When organizations pay a ransom, they fuel the entire ransomware economy. It’s never a good idea to pay, but it may be better than some alternatives. Are lives on the line in a hospital? Do the systems manage critical infrastructure in an energy plant? No one wants to pay, but this decision must depend on who the victims are, once we rule out illegal entities and funding terrorists or banned organizations. The best solution is to not have single points of failure and to prepare ahead of time. After the fact is messy.

Why are we still seeing these levels of attacks – where do the issues lie?

Ransomware attacks are fueled by the fact that the model works. It’s where the money is. It will continue to grow if it is hugely profitable and not addressed. We need to deploy solutions that can stop it cold. We need to collaborate and prepare ahead of time, or the beast will continue to get fed and keep on growing. The hackers attack the least points of resistance and if organizations pay a ransom and don’t address the security vulnerabilities in their network, many will be hit repeatedly.

What new strategies are attackers looking at besides phishing, social engineering, and the like?

Attackers follow the path of least resistance. Put another way, it’s a return-on-investment equation to maximize profit. Any and all techniques are fair game — including compromising the person, the machine, the service, etc. If a new vulnerability emerges, they are quick to pounce and develop an exploit. Much of the advances are in automation or industrializing the harvesting of victims to reach more systems, faster, and shorten the time to ransom.

What can companies do to stop falling prey to these attacks?

The most important thing is to deploy the right prevention, the right detection, the right backup and to take the right business precautions. Resilience is the best defense. Extended detection and response (XDR) solutions stop the spread. Anti-ransomware prevention stops it on detonation, and backup, done correctly, means that even if the worst happens, recovery is cheap, and a ransom doesn’t have to be paid.

Keep in mind that the threat isn’t just encryption, though. With double extortion, the threat can also be exposure of information; so be especially sure to encrypt data at rest, minimize where sensitive data exists, and have the right means to know what has and hasn’t left the building when the worst happens.

Finally, do the tabletop exercises in peacetime, assess the backups and incident response teams, and verify that business processes work as expected. Practice makes perfect, using peacetime to prepare.

Is XDR the silver bullet to stopping ransomware attacks or is it just a matter of time before another new technology starts doing the rounds?

Not all XDRs are created equally. Not all of them, in fact, do the same jobs. XDR done right means that no matter what pathway an opponent chooses, from classic networks to cloud, they can be shut down early and easily. XDR is about stopping attacks and the insidious movements of attackers through enterprise infrastructure. However, there is no silver bullet with an adaptive and intelligent opponent.

XDR is a game-changer, but ransomware defense demands good patching, robust prevention, exercising least trust in access, secure software development, security operations, and more. As for a new technology doing the rounds, we always aim high early in a solution life cycle with a lot of diversity among solutions. Over time, the needs and expectations become more uniform and clearer, but the mission is somehow sacrificed, and a new acronym or buzzword returns to set the targets on the original mission again.

Security hype cycles may not repeat, but they rhyme a lot! It’s our job to make sure that XDR does what the real requirement is — stopping attacks in as close to zero time as possible.

How has the crypto economy changed the attack landscape?

The crypto economy has many, many benefits. But it is also the path to liquidity for criminals of all stripes. Anonymity, reliability, ubiquity. These are exactly what any form of illicit activity craves for in liquidity.

How ready are ‘metapreneurs’, and companies in general, for attacks in that virtual environment?

Wherever there is Human activity, the full breadth of our behaviors appears. Doing business. Playing with friends. Studying for self-improvement. And sadly, crime and conflict too. That question is best posed to those who are building the scaffolding and infrastructure for the metaverse. If they don’t or can’t answer it, the enterprising minds of the people on the dark side of society will also start to flower and explore the emerging meta landscape.

For more interviews, click here.