Grundig IT Newsletter
Computing News That You Can Use – July 2021
Quote of the Month: “You only live once, but if you do it right, once is enough.”
– Mae West
The Ransomware Industrial Complex – And How To Deal With It
NOTE: To read this newsletter online or to browse past topics that we have covered over the years, go here.
As the ransomware threat is increasing, different players in the ransomware ‘game’ are interacting with each other to make it ‘worse.’ The main way to measure ‘worse’ is by assessing the total amount of money that is involved in the ransomware system, which has been increasing.
Much like with healthcare in the United States, and higher education, ‘inflation’ is rising faster in the ransomware ‘system.’ For every ransomware attack that makes the news, thousands more attacks are being carried out that you will never hear about – and the ransom demands (and payouts) are much higher than even a year or 2 ago.
Let’s examine the players in this game, which has become more complex.
Now, unlike with the original Cryptolocker, the creators of ransomware are often separate from the people who are springing it upon potential victims. The organizations that are spreading ransomware are often purchasing or renting pre-made ransomware kits from the creators, which means that more people are capable of unleashing ransomware on unwitting victims.
It’s not only victims and perpetrators that are involved in this game. Internal IT departments, and external IT outfits, like Grundig IT and other IT service providers, are spending increasing time, money and attention each month and each year to combat the ransomware threat to businesses. The 3 main areas where expenditures are increasing are on security, backup and education of end users on how to avoid stumbling into a ransomware attack.
However, since none of the above methods are entirely foolproof, insurance companies have entered the game. Grundig IT, like others, recommends cyber insurance. Cyber Insurance companies, as part of their contracts (read your policy carefully see how it works), will often pay the ransom when an organization is confronted with ransomware, and this is happening more frequently. Since the frequency and size of the ransom demands has been increasing, the insurance payouts have been increasing, and rapidly. So more money is entering the system.
This has 2 effects.
1) The cost of cyber insurance policies has been increasing to match the claims.
2) More money overall is entering the game and being paid to the ransomware perpetrators, which is enabling them to refine and improve ransomware attacks and to attack more people.
The danger, when paying the ransom, is that some or all of the data may not be restored properly or immediately. And, regardless of whether the data is eventually restored when a ransom payment is made, there will be downtime and impact to the business. If proper backup is in place and working, data can be restored, often faster than if paying the ransom.
The only way that this can be limited or stopped is to continue to beef up security and backup mechanisms. And to spend more money, time and effort to educate the end-user on how to avoid ransomware attack vectors in the first place, particularly phishing, nasty attachments and other threats that arrive through email.
To decrease the overall amount of money that is entering the system and causing it to get bigger is to employ the above methods to limit attacks or deal with them WITHOUT resorting to paying the ransoms. While insurance is a good last resort, relying solely on insurance payouts increases overall insurance costs and leads to higher premiums, which has been happening over the last few years.
Please consider yourself and your company as potential victims of ransomware and do everything you can to avoid having to pay the ransom: Security, backup and education. Ask us, or ask your own IT provider how this can be done. Develop a plan and put it in place. This will take time and money, but it will be worth it. And it will make you and your company, data and IT systems more resilient against ransomware AND other threats to your data and to your company’s existence.