The dilemma
The dilemma then arises whether to pay the ransom and have the data decrypted/retrieved, or not to pay the ransom and lose the data permanently. Again, is there a guarantee that once the ransom is paid to the attackers, the data will be decrypted, and that the attackers will refrain from launching further ransomware attacks? While addressing this dilemma, the ethical considerations of the cybersecurity profession must be held in high regard. This leaves CISOs (chief information security officers) with the challenge of reconciling the ethical standards of their profession, which in most cases discourage the payment of ransom to cybercriminals, with the need to retrieve the lost data for their organization.
The growing ransomware trends
One of the worst ransomware attacks launched in recent times (2017), which spanned industries and continents, was WannaCry. When launched, it blocked user access to files or systems, holding files or entire devices hostage using sophisticated encryption technologies. Over $500 million was estimated to have been paid in ransom to the attackers, making the crime of launching ransomware attacks a rather lucrative venture. According to Helpnet Security, there were nearly 293 million ransomware attacks in 2021 (see Fig. 1). This is an increase of about 134% over the attacks in the previous year, 2020. STATISTA depicts a similar ascending trend between 2016 and the first half of 2022. However, according to statista.com, the number of ransomware attacks/incidents recorded in 2016 is higher than those recorded in successive years, as shown in Fig. 2. This, they explained, was due to a lack of investment in tools that could prevent these attacks, or a lack of sufficient awareness of the trend among ICT professionals.
Fig. 1: Ransomware attacks between 2017 and 2021
Fig. 2: Ransomware attack trends according to the STATISTA 2022 report
Should data breaches be handled transparently?
Whether or not the handling of data breaches should be made transparent, such that affected user groups are made aware of the breach, depends on the industry in which the victim organization operates. With the LockBit ransomware attack launched on Accenture's network, the criminal actors had already published some of the stolen proprietary information on their websites; thus Accenture's customers were already privy to the attack, and the handling of the attack could best be done transparently to allay the customers' fears. For our Ghanaian setting, if the attacked victim organization is in the FinTech or banking industry, it will not be ideal to handle the attack transparently, since this could lead to panic withdrawals and the consequent potential collapse of the affected victim organization. This is premised on the fact that the technology acceptance readiness level of most Ghanaians is not yet fully fledged; hence there is still a lot of doubt in the minds of people about the security and safety of their digital assets and investments. Hence, the exercise of full disclosure should be approached with much care.
In the fast spate of global digitalization, more people and organizations are adopting and adapting to the use of digital and online platforms to improve their business processes. More data is being stored on cloud platforms than ever before in history; thus, there is a rather sharp increase in the patronage of digital solutions. Owing to this, and to the trend depicted in the graph in Fig. 1, there will undoubtedly be more occurrences of ransomware attacks, since cybercriminals are finding them more rewarding. The time to nip this menace in the bud is now. All cybersecurity professionals must reconsider advising their organizations to pay these ransoms, and should rather invest these monies in building more robust solutions to defend their company's digital information. This will serve as a demotivation for cybercriminals.
Should ransom be paid?
Regarding payment of ransom, the only advantage is that the organization stands a chance of retrieving its stolen data either fully or in part, though even this is sometimes not guaranteed. In the heat of the breach, the focus of most victim organizations is to retrieve the data as soon as possible to ensure business continuity, rather than reinventing the wheel to rebuild the data. However, the aftermath of the breach after the ransom payment presents more disadvantages for posterity. One such disadvantage is that more criminals are going to find it more rewarding to develop ransomware and to launch more such attacks on other organizations, especially those with huge balance sheets. In a nutshell, payment of ransom comes with immediate but temporary benefits and a long-term disadvantage to other organizations or individuals.
Finally, it is my candid view that a victim organization must consider dealing transparently with cybercriminals regarding a launched ransomware attack. This should be a strategy intended to cause the criminals to compromise, so that as much support as possible can be obtained in order to retrieve the lost/stolen data. The transparency should, however, be limited only to the breached data. Again, transparency should be exercised with discretion, such that in the process of engagement the criminals do not get the impression from the outset that the victim organization will refuse payment of the ransom, since this could cause the criminals to destroy the data entirely and walk away. Ransom should not, under any circumstance, be paid to any cybercriminals.
Conclusion
In conclusion, a ransomware attack is a threat to the global ambition for digitalization being spearheaded by the United Nations under its Sustainable Development Goals. The persistence of such attacks, especially in the growing era of digital currency and e-commerce, could undermine customers' confidence in digital solutions, especially in financial transactions and in the protection of personal data. Hence, I advise organizations to create backups to safeguard themselves against breaches in the event of ransomware attacks, rather than rushing to pay a ransom and thereby creating jobs for cybercriminals. Remember, any ransom you pay feeds a hungry cybercriminal.
Author: Elolo Alfred Konglo | Ag. Head, ICT Infrastructure, Directorate of ICT, Ho Technical University | Regional Communication Director, IIPGH, Volta/Oti
For comments, contact Email: ekonglo@htu.edu.gh or Mobile 0244304540 or 0572089098
Source: iipgh.org