COMMENTARY. Ransomware is a pervasive issue affecting businesses of all sizes and industries, and the best way to respond remains hotly debated.
While much fanfare coincided with the announcement of a US-led, 40-country coalition to collectively reject the payment of ransoms to cybercriminals, it's more a symbolic gesture than a practical solution.
The most effective solution to the ransomware challenge isn't an international agreement; it's an enhanced understanding of potential threats and better preventative security measures.
Cybercriminals stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn't paid, resulting in the company ponying up the $4.4 million ransom.
For critical infrastructure organizations like Colonial Pipeline, restoring operations and services and regaining control of sensitive information is critical, meaning making swift payments to hackers following an incident is often the most efficient way to reduce the damage to the business.
The year of the ransomware attack, the Colonial Pipeline Company had $3.1 billion of assets, and the prior year generated a net income of $420 million on $1.3 billion of revenue.
Given the damage to reputation and productivity in the days the pipeline was down, paying the ransom was akin to dealing with a frustrating but nowhere near bank-breaking speeding ticket.
The potential cost to reputation and the climbing costs of ransom demands mean that even large organizations with funds to spare must combine efforts to combat cybercrime.
A proactive effort that meets cyber threats with strength and prioritizes preemptive techniques with threat intelligence provides organizations with cybersecurity postures that are two and a half times more likely to be effective.
The Conti ransomware group revealed that cyber groups adjust their demands for each victim: the higher the victim's annual revenue, the lower the percentage of revenue demanded.
Although the ransom demands for SMBs might be smaller monetary amounts, they typically represent a higher percentage of their annual revenue, thus causing a larger impact on the business.
SMBs typically spend an average of $38,000 to recover from a security breach, including costs associated with a temporary pause in trade, excluding any ransom payments.
Given that the average annual revenue for small businesses falls within the range of $44,000 to $1 million, the feasibility of making ransomware payments may be in question.
The solution to the growing challenge of ransomware lies, undoubtedly, in better cybersecurity that prevents ransomware attacks from occurring in the first place.
Combined with increased action from law enforcement to apprehend attackers and deter cybercrime, ransomware groups will face a more even challenge.
Proactive Security Is the Way to Counter Rising Ransomware Threats Verifying whether businesses do or don't pay ransomware demands isn't always practical; however, estimates suggest that 46% of organizations pay ransomware extortion, and 26% of organizations that use backups to restore data also pay.
Preventing ransomware payments is not a viable solution to the growing problem of ransomware, nor is it the most effective.
The international alliance, while a symbolic resistance to ransomware demands, misses the critical point in combating rising ransomware crime: security.
Organizations must invest in better cybersecurity practices, threat intelligence, and proactive initiatives to prevent ransomware attacks in the first place and lessen the impact when or if they become victims.
Empowering organizations to resist extortion tactics through preventative measures rather than relying solely on the decision to pay or not pay ransom demands is the real solution.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 16 Jan 2024 15:00:28 +0000