Ransomware certainly isn’t something new—you just have to look at the WannaCry attack on the UK’s National Health Service (NHS) and the SamSam attack on the City of Atlanta to prove it. However, despite its long history, it continues to succeed in costing the victims a pretty penny. Atlanta set aside more than $2.6 million for recovery efforts, and the UK government estimated that WannaCry cost the NHS £92 million!
With ransomware’s lethality continuing to grow, industry leaders must look to themselves as part of the problem. The FBI estimates that ransomware payments have reached $1 billion per year, which means victims are putting money in the pocket of these criminals and funding their next attack.
Exhibit 1: HFS data shows that nearly 60% of enterprises are concerned about ransomware

Source: HFS Research
Ransomware is disruptive to enterprise and industry—look out for phishing spam
Ransomware is malicious software that denies access to a computer system until the victim pays a ransom. The most common method of penetration is phishing, in which an email or document masquerades as something legitimate but instead downloads the program onto the victim’s computer. From there, the program is able to spread throughout the network and lock it down.
Ransomware is extremely disruptive to business, literally halting all operations and costing enterprise and industry dearly for every second until it is eliminated. Norsk Hydro, for example, suffered an attack that reached 22,000 computers across 170 different sites and 40 countries; employees were left using pen and paper. Despite this, the firm refused to pay the ransom and instead began the lengthy process, with the support of Microsoft, of restoring its IT infrastructure from backups. It took months for the firm to recover, and it cost them approximately £45 million, but the fact that they never paid the ransom saw them receive much praise from law enforcement and other organizations.
It is this disruption that helps cybercriminals choose their victims. They target organizations that will experience the most disruption, hoping it will be cheaper and easier for them to pay the ransom. The healthcare industry is a prime target. Hackers have targeted five US healthcare providers this year alone because health data is so crucial that, without it, the risk to patients’ lives is huge.
One of these healthcare providers paid $75,000, a relatively small sum. However, companies often brush large ransom payments under the table to avoid embarrassment.
Stop giving your lunch money to bullies—ransomware is on the rise, and continued payments will create a vicious circle
Researchers at cybersecurity company Malwarebytes say that businesses’ detections of ransomware have risen more than 500% since 2018. The sharp increase makes it even more crucial that industry leaders understand that paying any ransom allows these criminals to invest in their technologies and encourages them to strike again. If you give your lunch money to the bully every day, he will get stronger, and you will get weaker—ransomware is no different.
Enterprise leaders need to beef up their security and see the bigger picture—you can’t keep feeding your enemy!
Law enforcement organizations and the information security industry have long advised organizations not to pay cybercriminals their ransom. Too often, though, organizations have bowed to the criminals through fear of financial loss and dropping productivity. To pay the criminals is a risky game. Not only are you funding your attacker, but there is no guarantee they will give you back access. They may seize the opportunity to hang you upside down and shake the pennies out of you!
Leaders must look to prevent ransomware attacks before they even start—it is possible!
You can prevent being held up by ransomware by following sensible security practices; for example, make frequent offline backups, stay away from suspicious emails, and, of course, that thing I always bang on about—educate your staff.
The Bottom Line: If the ransomware attacks are to stop, industry leaders need to stop paying the bad guys.
Industry leaders ultimately need to invest in educating their staff to prevent ransomware attacks. Staff don’t intentionally click on infected emails—educating them on how to spot suspicious activity will go a long way. Moreover, it is of paramount importance that the industry stop paying the ransoms hackers demand of them. Continuing along this path will only lead to attacks increasing in effectiveness and cost.
Cybercriminals’ ransom demands will continue to increase, pushing the boundaries of what has traditionally been asked, especially if industry is so swift to pay them large sums of money. Overall, it’s a no-brainer that if industry wants this to stop, ransomware attacks need to become less lucrative.