70% of Enterprise Ransomware Victims Pay Up
The world most valuable resource is no longer oil, but data. So what happens when this most valuable of assets is compromised or stolen? Would you pay to get it back or prevent its release to the wilds of the internet? Recent data suggests that 70% of enterprise ransomware attacks result in the criminals successfully eliciting payment from their victims. What’s more, the amounts being paid by the victims to prevent the release of their data, have gone up significantly. Some of the most prolific ransomware operators have even created websites where they release the data of non-paying victims. Early ransomware attacks were largely aimed at locking victims out of their systems with payment demanded to regain access. This shift in the modus operandi of the criminals is proving to be very costly to businesses and highly profitable to criminals.
This post was inspired by an email we received this week from a charitable organisation we have donated to, informing us that, a company that provides database systems to them, was the victim of a ransomware attack. The victim of the cyber-attack was Blackbaud who provide third party customer relationship management software across the globe. This was widely publicised and just one of many large enterprises to fall victim in 2020. Blackbaud was successful in preventing the lockout of their systems, however, not before the attackers had compromised a subset of their data. To prevent the threatened release of their customer’s data, Blackbaud paid the undisclosed ransom demand. So, should you pay? Our advice has always been and remains that you should never pay. There is no guarantee that the criminals won’t release your data anyway after you pay or come back to you demanding further payment. That said, it would be unfair to judge any company that pays, given what’s at stake and the harm the release of data could do to them and their customers.
Over the past several months we have seen a paradigm shift in work practices, with the Irish government and governments around the world urging businesses to allow their workforce to work from home while the world tackles the ongoing pandemic. Remote workers are the “low hanging fruit” for cybercriminals who are increasingly taking advantage of the largely inadequate security measures implemented for remote workers and not just with ransomware. Only recently Twitter fell victim to a globally publicised Social Engineering attack that compromised a number of high profile accounts. Invoice Redirect Fraud and CEO Fraud are also on the increase as criminals take advantage of remote workers who are physically disconnected from their HQ.
SonicWall Phishing intelligence found that during the period March – June 2020 there was a large increase in Phishing Scams brought on largely by the COVID-19 pandemic. The image on the right taken from the 2020 SonicWall Threat report Mid-Year Update shows the top 5 COVID-19 Phishing keywords for this period.
The future of work practices will increasingly include remote and other flexible working solutions; however, businesses need to up their game in terms of how they protect their data and their employees while working from home. Published in July, the VMware Global Threat Report found that there was very little confidence among cybersecurity executives, that the rollout of remote working had been done securely.
It’s up to business owners to ensure that their offices and remote workers have adequate security in place to mitigate the likelihood of a successful attack. That said, with all the will in the world, it can very often come down to complacency or an error in judgement on the part of a systems user.
Here are five simple tips that every IT systems user should take note of the reduce the chances of a successful cyber-attack.
- Don’t be fooled by correspondence that appears to know a lot about you. You’d be surprised at just how much data about you is freely available online. Social Engineering allows cybercriminals to reach out to you via electronic means or over the phone and make you believe that you have had some previous contact or professional relationship.
- Don’t rush to forward any data or make any financial transactions just because the correspondence tells you it’s urgent. An urgent email from a director or manager demanding that you make an immediate transaction or forward valuable data to some entity detailed in the email should be treated with the utmost caution. It may well say that the sender is rushing into an important meeting and is not to be disturbed. Confirming the validity of this request will likely save the company a lot of money along with saving your job.
- Don’t take the details provided by the sender at face value. Yes, we all have to deal with busy inboxes on a daily basis. Cybercriminals are counting on this in the hope that you won’t validate the source of the email. Always check the source of an email outside of the email itself, in other words, don’t ring back the number or respond to an email address contained in the email unless you are 100% confident as to its origin.
- Don’t click on links. Many ransomware attacks happen because someone clicks on a link or attachment, granting cybercriminals access to your network. Once again unless you are 100% confident as to the origin of the email and links attached, Don’t Click.
- Don’t be afraid to get a second opinion. The physical disconnection that remote workers have from their offices doesn’t mean that they are on their own. Before I post this, I will ask a colleague to proofread as I may well have a typo or missed something. The same can be said of correspondence that arrives at your inbox. Phone a colleague and ask for their opinion or forward to your IT Support/Security Provider and ask for their opinion. They will have experience with this sort of thing and can quickly tell you if it’s some form of online scam.
The war against cybercrime isn’t going to end anytime soon and as the world becomes more and more interconnected, the battles between the cybercrime-fighters and criminals will become ever more frequent. IT.ie is a leading provider of IT Security Solutions in Ireland, helping hundreds of businesses mitigate against cyber-attacks. If you would like some advice on how to protect your business, drop us a mail at hello@it.ie or call (01) 8424114 and we’ll be happy to help.
