The digital question: Should companies pay ransomware fines?

Should companies pay out when hit by ransomware? We look at both sides of the debate.

Meatpacking giant JBS pays $11 million to ransomware hackers
JBS, one of the world's biggest meat processors, says it has paid the equivalent of $11 million in ransom after a cyberattack - Copyright AFP/File JEFF KOWALSKY

By paying the very high sum of $11 million to hackers following a ransomware attack, JBS, the world’s largest beef supplier, illustrated how such attacks are spiralling out of control and how the stakes are only getting higher.

Meanwhile, the debate over whether to ban paying ransom in these situations is intensifying in Washington.

Looking at the arguments and the necessary defenses for Digital Journal is security expert Randal Pinto, Co-Founder and COO of Red Sift.

Pinto has considerable experience with these kinds of attacks and, because of that, he cautions that a blanket ban on paying out for ransomware requests is not the answer by itself.

Pinto considers how executives should respond to these crimes, noting: “A number of recent attacks targeted national infrastructure and large supply chains, so there could be other motivation besides profit.”

In weighing up the dilemma, Pinto puts forward: “Often, the financial cost of paying the ransom is lower than the impact inflicted by the attack so whatever ban is put in place has to be coupled with investment on improving the defenses of businesses and on dealing with any aftermath of an attack.”

The counter argument is that paying extortionate ransoms only encourages cybercriminals to continue their practice. Instead, companies should contact their local law enforcement agency and report the attack.

Yet, if a ban is put in place, it is possible there will be more lethal attacks taking shape, as a consequence of cyber-criminal groups seeking to increase the disruption to business.

Yet for bigger businesses, the economics might drive a different decision. Approximately 56 percent of ransomware victims paid a ransom in 2020, according to a survey of 15,000 consumers conducted by global security company Kaspersky. Yet, this is not something that should be entered into lightly.

Pinto cautions: “When responding to these kinds of attacks, negotiating or paying the ransom should be the absolute last resort as you are dealing with criminal organizations who have no obligation to deliver on their side of the deal.” However, some situations require an alternative response.

His advice on what to do when an attack happens is: “Following a suspected attack, do not delete data. Instead, isolate the affected system and preserve their states for forensic analysis. Do not communicate on the impacted network as this might provide additional information to hackers.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
