Ransomware payments: To pay or not to pay?

23 Jun, 2024 - 00:06

4IR Simplified

John Tseriwa

DID you know that in 2023 alone ransomware payments hit a record high of US$1,1 billion? This is according to a new report from crypto-tracing firm Chainalysis.

Even though this figure is higher than the 2022 figure, it seems fewer ransomware victims are paying the ransoms that hackers demand. In fact, according to Coveware, ransomware payments plunged in the fourth quarter of 2023, with only 29 percent of victims paying, down from 70 percent to 80 percent in 2019 and 2020.

The total is rising because, even though a smaller share of victims are paying, there are more ransomware attacks.

Coveware is an incident response firm that frequently negotiates with ransomware criminals on behalf of victims. Even closer to home, Sophos’ State of Ransomware in South Africa report for 2024 revealed that the mean ransom payment made by firms was US$958 110 (R17,9 million).

This is a worrying statistic for every business.

It seems ransomware is a growing problem, even in Africa.

Ransomware is malware that hijacks your files. It infects the system and encrypts the files, leaving you unable to access them.

The attackers then demand a ransom in exchange for a decryption programme.

As a result, you become vulnerable, and liable to lawsuits for losing confidential customer information. The easy way out could be to pay the ransom, right?

However, remember that you are dealing with criminals, so paying the ransom is no guarantee that you will get your files back.

Let us look at the root causes of ransomware attacks, and then discuss how to respond to ransom demands.

According to a Sophos report, The State of Ransomware 2024, 99 percent of organisations hit by ransomware were able to identify the root cause of the attack, with exploited vulnerabilities the most identified starting point for the second year running.

It is worth noting that the report states that email emerged as the top attack vector, with 34 percent of respondents reporting it as the entry point. Malicious emails containing malware links or attachments were nearly twice as common as phishing attempts.

As simple as it sounds, phishing attacks often precede credential compromise, making them a crucial first step for attackers.

This is countered by cybersecurity awareness training across all users, starting with the executives, as they are usually the victims of business email compromise.

Solutions like KnowBe4 — an artificial intelligence (AI)-powered, new-school security awareness training and simulated phishing — allow organisations to increase awareness and change user behaviour.

Ransomware attackers also target weaknesses in business applications and tools to gain access. Businesses should invest in taking control of their attack surface by deploying risk-based prioritisation of patching.

There are several solutions that businesses can use to stop cyberattacks, even before they start.

Sophos Managed Risk, for instance, identifies high-priority cybersecurity vulnerabilities and potential attack vectors in your environment, allowing action to be taken to prevent attacks before they disrupt your business. In the unfortunate case that you or your business is the victim of a ransomware attack, should you pay the ransom?

Well, it makes sense just to pay the ransom and recover the data, although many firms never admit to it.

In some instances, companies opt to pay because it is considered the easy way out.

The ransomware attackers are more like blackmailers, and paying is expected to lead to recovering the data faster.

The other reason is to protect customers’ and employees’ confidential data, so firms simply resort to paying to minimise the damage.

The ransomware attackers sometimes issue threats of further consequences, compelling the victims to pay the ransom out of fear.

While attackers promise a decryption tool and silence in exchange for a ransom, there is no guarantee you will get all your data back or that they will not leak it, anyway.

Law-enforcement agencies do not recommend paying a ransom, because doing so encourages continued criminal activity.

In some cases, paying the ransom could even be illegal, because it provides funding for criminal activity (for example, where the attackers are a sanctioned entity).

Ernst & Young urges businesses to fortify their defences against ransomware attacks.

This goes beyond just information technology safeguards.

They recommend considering cybersecurity and business interruption insurance.

It is important for firms to have a dedicated cybersecurity response team on retainer.

Firms should consult with legal counsel and cyber insurance providers to establish a clear corporate policy on the legality and potential use of ransom payments.

Paying ransom is like negotiating with kidnappers. It requires careful consideration, with full awareness of the risks involved.

It must also involve various stakeholders.

Organisations should conduct proactive exercises with relevant teams, predefine response options and rehearse their execution.

This is even more crucial, as attackers are constantly becoming more sophisticated.

They are not just encrypting data anymore; they are even stealing it, anticipating victims who might choose recovery from backups.

John Tseriwa is a technology entrepreneur. He can be contacted on: [email protected] or +263773289802.
