Ransomware attacks remain a significant threat to organizations worldwide, with cybercriminals continuously evolving tactics. Despite long-standing advice from cybersecurity experts against paying ransoms, many businesses still opt to pay, hoping for the safe return of their data. However, this approach often fails and perpetuates the cybercrime cycle, increasing calls for making ransom payments illegal.
Recent data indicates a positive shift: only 34% of organizations now pay ransoms, marking an all-time low. This suggests that nearly two-thirds of targeted businesses refuse to succumb to attackers’ demands. While this decline is encouraging, the goal is to reduce ransom payments further.
When organizations pay the ransom, they signal to bad actors that their tactics are working. The attacks continue because the actors are confident in their ability to extort money from victims. Paying also increases the chances of repeat attacks, marking the organization as an easy target for future extortion.
Paying up is no guarantee that the encrypted data will be restored. Attackers often provide fake decryption keys, demand more money, or simply vanish without fulfilling their promises. This leaves companies worse off, losing their data and money.
Despite the warnings, organizations are still paying. As of this writing, reports indicate that Panera Bread, a US-based restaurant chain, paid a ransom in March. The much-publicized ransomware attack in which Change Healthcare paid a reported $22 million has led to a deluge of similar attacks against other healthcare organizations—more than at any time in the past.
The rationale for paying ransoms is often driven by the urgent need to restore access to critical data. However, cybersecurity professionals strongly advise against this practice, advocating instead for a comprehensive, layered cybersecurity strategy to prevent ransomware attacks from succeeding in the first place. Paying a ransom does not guarantee restored access to data or even quick access to locked data.
To Pay or Not to Pay
Some experts and regulatory bodies propose making ransom payments illegal to deter ransomware attacks. The logic is straightforward: if no one pays, the financial incentive for cybercriminals disappears. Although 34% of targets still pay ransoms, eliminating this option could significantly reduce the profitability of ransomware attacks, discouraging cybercriminals.
Implementing a ban on ransom payments poses immediate challenges for businesses, which may find it difficult to combat ransomware without the option to pay. Recognizing these challenges, the International Counter Ransomware Initiative (ICRI) suggests governments and institutions could provide financial aid and resources to support affected organizations, fostering a collaborative approach to mitigating ransomware risks.
If these initiatives fail, cyber insurance remains a vital option for protecting an organization from the financial loss of such attacks. Cyber insurance policies cover ransomware payments under strict conditions that require the insurer's approval before any payment is made.
In such instances, insurers can create a lot of red tape, and payment is offered only when all mitigation strategies are exhausted. Law enforcement involvement is also mandated, establishing clear protocols for collaboration during ransomware incidents. While such policies are a proactive measure to reduce financial loss, collecting on a claim requires considerable legwork.
Another problem with these policies is that payouts to the policyholder are capped. A policy with a $100,000 limit may not cover ransom demands exceeding this amount, leaving the attacked organization to cover any cost overruns.
Email: Primary Attack Vector
Ransomware primarily infiltrates systems through email, with 66% of infections stemming from phishing emails and scams targeting unsuspecting employees. As attackers become more sophisticated, they employ tactics such as malicious links, attachments, and QR codes to deploy ransomware. Organizations must educate their staff to recognize these threats and implement robust cybersecurity measures.
Proactive threat detection is necessary in the fight against ransomware. Research from VIPRE Security has found that of more than 7 billion processed emails, as many as 13% were identified as malicious.
Advanced email security systems have been pivotal in identifying and protecting against these threats.
One notable feature is the ability to isolate and analyze links within emails, which has protected users from millions of potentially dangerous clicks. Technology advancements have enabled the detection of nearly half of all malicious emails through content analysis and the other half through link detection.
Further illustrating the sophistication of modern threats, millions of emails have been flagged for malicious attachments, and advanced behavioral analysis has identified numerous never-before-seen threats. Tools that analyze webpage behavior have been particularly effective, ensuring real-time protection without lag.
Implementing rules to detect statistical patterns and indicators related to malware families has also been highly effective. These measures have captured millions of generic malware instances each quarter, with a notable increase in detection towards the end of the year.
Conclusion
The battle against ransomware involves preventive measures, legislative action, and strategic insurance policies. Integrating advanced email security solutions and proactive threat detection further strengthens defense mechanisms.
While the reduction in ransom payments is a positive sign, ongoing efforts are essential to diminishing the threat further. Organizations can better protect themselves against this persistent menace by fostering robust cybersecurity practices, considering legal frameworks against ransom payments, and leveraging cyber insurance.
About the Author
Usman Choudhary is general manager of VIPRE Security Group. You can learn more about VIPRE at https://vipre.com/.