To Pay or Not to Pay, Ransomware Attacks Dilemma

— July 15, 2021

Cybercriminals are always finding new and creative ways to carry out their attacks. Serious countermeasures should be considered by the government to stop this imminent threat.

Ransomware is a form of malware that encrypts victims’ files; the only way to restore the data or prevent it from being sold on the dark web is by paying the ransom. Ransomware attacks increased by 62% between 2019 and 2020, and the number is expected to grow even more in 2021.

Biden’s Administration and Cybersecurity

After the recent attacks and compromises, Biden’s administration promised $10 billion for IT and cybersecurity modernization, and $9 billion of it will be given to CISA and GSA.

Many experts commented that this will be a good start in the fight against cybercrime and in protecting Americans against hacking.

All this didn’t resolve the situation, and it is getting worse. The Metropolitan Police Department was hit by the Babuk ransomware gang, which threatened to leak more than 250GB of information unless the ransom was paid. Not long after that, Colonial Pipeline, which delivers 45% of the East Coast’s fuel, was also hit with a ransomware attack.

Politics as Usual

Speculation about these security breaches landed on Russia’s doorstep, and serious actions were taken to sanction Russia, especially regarding the SolarWinds breach and accusations of interfering with the elections. Although the Russian Ministry of Foreign Affairs publicly denied any involvement, Biden imposed a slew of economic sanctions on Vladimir Putin’s government.

According to the Treasury Department:

The Administration is “sanctioning more than 30 Russian companies and individuals accused of supplying tools, infrastructure, and technologies for various cyber operations or participating in the election-related disinformation campaign.”

Will Sanctions be Enough?

A padlock superimposed over a blue circuit board pattern. Image by jaydeep_, CC0, via Wikimedia Commons.

Sanctions and political talk are not enough; serious actions should be taken. Recently the Department of Justice announced the creation of a joint task force to solve the problem at its origin. Many tech companies joined forces, including Microsoft, Amazon, Cisco, FireEye, and McAfee, along with government agencies.

The task force is seriously considering suggesting a law to make paying ransoms illegal, since paying a ransom encourages cyber gangs to finance and carry on their activities. For this law to be effective, however, there should be a well-established strategy for responding to ransomware attacks, so that not paying the ransom is a realistic option.

Common Mistakes Organizations Make When Responding to Ransomware Attacks

One of the most common mistakes is thinking that having a backup is enough, and trying to delete the data and recover from backup. Organizations should not forget that the aim of the attack is to sell the stolen data on the dark web, and that is what will harm the organization.

The second main mistake is waiting to respond to the attack or acting out of desperation; with each minute that passes, the threat becomes greater. You should isolate the attackers by isolating the network physically and wirelessly, as well as removing the infected drives, to minimize the damage. One key point that organizations forget is that the network is traceable: you can leverage your own network metadata to detect traces of the adversary and stop ransomware before any real harm is done.

If you can identify the type of ransomware, you may have the chance to decrypt the data. One must consider the price, legitimacy, and reliability of the tool carefully before exploring this option.

Should Organizations Negotiate on a Payment Price?

There are many companies that provide ransomware negotiation services, but let’s face the truth: by negotiating, you’re giving leverage to the hackers and saying that you will submit and pay but want to negotiate the right price. This will make you seem desperate. The best strategy is to have an expert negotiator stall them and prevent your data from appearing on the dark web until you are able to take the necessary measures to stop the attack. Paying the ransom should be the last option, after all the risks have been assessed and all necessary measures have failed. Even then, according to the statistics, there is a 50% chance that organizations will not get their data back.

Negotiating a ransom payment should be considered after all attempts at decrypting fail.

Seeking help, consulting, and informing the authorities is a must before making any executive decision. The situation should not be underestimated, and once the impact and severity of the compromise are under control, it’s time to start considering the course of action.

Should I Look for Decryption Keys Online?

For some types of ransomware, you can find decryption keys online, but the attackers usually know this as well and use different approaches, so the keys may not work. It’s a good idea to check them out, but you cannot depend on them to fix your problems.
