Even though ransomware attacks decreased in 2018, they remain a major threat in the cybersecurity landscape. So much so, that ransomware was recently featured on 60 Minutes. The story primarily covers three major instances of ransomware, two that affected municipalities, and a third that targeted a hospital.
All three were attacked in a way that encrypted every single one of their files and also encrypted some of the files within their backups, sending the organizations back to operating on pen and paper. Two, despite FBI recommendations, ended up paying the ransom to restore their data quickly, while the third decided not to pay the ransom and went about remediation on their own.
The hospital was hit with a $55,000 bill, while one municipality (Leeds, AL) was able to negotiate payment down to $8,000. These ransom sums may not appear astronomically high, but that’s exactly how the hackers keep going. If they requested millions in ransom, no one would pay. An amount in the solid five-figures, though, feels doable for most organizations to get their precious data restored. The third entity (Atlanta, GA) suffered millions of dollars in losses and time in efforts to recover. Some of their data could never be recovered.
The story presented a very clear picture of the dangers surrounding ransomware; however, there were two major issues in the story. First, the entities covered were obviously major entities implying that you needed to be in the public eye to be affected. This is certainly not the case. In fact, nearly 50% of small business owners say their business was affected by a cybersecurity attack in the last year. Ransomware is not just for highly public entities.
Perhaps more importantly, the story painted paying the ransom as the cheaper and often faster way to go. In very rare occasions, paying the ransom is the only option; but if you’re stuck in a ransomware trap, we do not recommend jumping straight into paying the ransom. Here’s why:
Ransomware attacks may be on the decline. However, that just invites the hackers to come up with a more creative way to scam you out of time and money. Perhaps phone ransoms are coming next. Regardless of what the hackers create, make sure you’re prepared and don’t have to rely on paying a hefty ransom to keep your business in operation.