To Pay or Not to Pay—That Is the Ransomware Question

Ransomware attacks are on the rise. According to one recent industry report, a company will be attacked every 11 seconds in 2021, and the costs from these ransomware incidents will reach approximately $20 billion.

What is behind the attacks? The simple answer is money.

“Ransomware is the biggest, baddest thing in the cybercriminal world right now and has been for the past five or six years,” said NETSCOUT Threat Intelligence Lead Richard Hummel in a recent radio interview with Michael Finney on KGO 810 in San Francisco. “Dating back to the CryptoLocker attackers, ransomware has extorted untold millions of dollars.”

Who Are the Bad Guys?

The cybercriminals behind ransomware attacks range from individuals to organizations to nation states. For example, Hummel mentioned that North Korea has long been involved in cybercriminal activity, including ransomware and DDoS attacks,” he said. “We know several years ago they went after cryptocurrency exchanges. We know they’ve deployed ransomware,” he told Finney. And North Korea is hardly alone in their adversarial activity. “We also know that some of the most sophisticated ransomware operations come from Russia. China is another country of origin for ransomware attacks. There’s probably no part of the world that hasn’t spawned this kind of criminal activity,” Hummel said.

Attacks Have Grown More Sophisticated

In the early days of ransomware attacks, the attackers were less sophisticated, and technology less advanced. The infrastructure used to store encryption keys was often hackable, or even open. Flaws in the code made it possible to create a tool to reverse and unlock the data and systems.

But those days are long gone. Today’s attackers are highly innovative, using techniques and encryption that is virtually unbreakable. There is often no way to secure an encryption key (short of paying the ransom), Hummel pointed out, except in cases where a government or international governmental law enforcement task force intervenes and seizes the perpetrator’s infrastructure.

The Perils of Paying

Businesses who have been victimized by ransomware face the dilemma of whether or not to pay the ransom. Don’t do it, Hummel urged.

“As a security expert, I highly recommend never paying when struck by a ransomware attack,” he said. “I understand this can be a difficult decision to make, and that the need to quickly restore business is a strong motivation. But paying the ransom can have a number of negative consequences. In some cases, a business can be hit with sanctions for supporting a criminal enterprise. And even if you do pay the ransom, the cybercriminals often fail to provide the encryption key to unlock your systems. Even worse, the bad guys have already penetrated your system, and what’s to stop them from using a back door to hit the business again and demand further ransom?”

Learn how to block ransomware attacks in this demo.