Ransomware: Don’t Count on ‘Honor Among Thieves’

For better or worse (and we’re going with worse), ransomware has evolved from “petty crime” to “global security threat” in seemingly short order. But ransomware itself isn't anything new. In fact, according to Symantec, this type of malware has existed in some form or another since 1989, with the first “modern” attack wave hitting in 2005.

Even so, with more media coverage, more variants, and larger organizations being impacted on a regular basis, we certainly seem to be in the industrial age of ransomware. It’s unlikely that the attacks will stop anytime soon, and we’re betting that the sophistication level on these malware strains will only continue to rise. Where does that leave you?

Certainly, there are folks out there who are working to block ransomware attacks and those who are trying to find ways to reverse the locks or encryption on infected files and devices. But the simple reality is that your chances of decrypting on your own (or with help) are slim to none. Which means that you just might have to pay the ransom if you’re hit, right?

Are you getting results from your security awareness training? Our Anti-Phishing Training Suite blends simulated attacks, interactive training modules, email reporting, and results analysis to deliver effective cyber security education that helps you manage end-user risk.

Well, that proposition just got a whole lot riskier within the past few weeks given Kansas Heart Hospital’s experience. Following a successful attack, the hospital initially decided to pay the requested ransom to unlock its data — only to be hit with a follow-up ransom demand after a partial set of its files were decrypted by the criminals who delivered the malware.

This tale certainly blows a hole in the “honor among thieves” notion that has been bandied about with regard to ransom payments. The claim has been that, should you be between a rock and a hard place and agree to pay, the cyber criminals will honor your ransom and restore access to your files. This is a highly risky place to put your money or your faith; beyond the fact that ransomware authors are extortionists, there is always a chance that poor programming could destroy data entirely, meaning that no amount of ransom will bring it back.

If it wasn’t clear before, it should be crystal clear now: Considering ransom payment as your back-up plan (or, heaven help you, your only plan) is akin to playing Russian roulette with your network and your data. Planning ahead is the only viable option for protecting against data loss. You must have secure, regular, and reliable backup systems in place; you need to actively address known vulnerabilities; and you should teach your users how to recognize, avoid, and report phishing attacks, which will help you reduce risks associated with ransomware and other cyber security threats.