Here, experts from Talion Cyber Security and Closed Door Security respond to recent news in which the City of London Police released a fresh warning about ransomware attacks on UK businesses, noting an increase last year in attacks and the substantial impact these have had on SMEs, with an average of 26 attacks occurring a month in the UK over the prior year. The announcement states that Report Fraud are launching a new awareness campaign to try to prepare companies for ransomware threats and provides further advice for companies looking to bolster their defences.
The report also notes the persistent issues around ransom payment underreporting, highlighting the fear that transparent reporting could cause companies to run afoul of compliance regulation, opening them up to liability and further legal issues stemming from cyberattacks.
Keven Knight, CEO of Talion, comments: “This new data and campaign from Report Fraud must act as a catalyst to encourage organisations not to pay ransom demands.
“Based on the data from Report Fraud, it is clear many organisations are falling under attack but failing to report it out of fear of unwanted attention from customers and media, and because they clearly know they are going against government advice.
“It seems highly unlikely that only 323 organisations came under attack in the last year. The genuine number is likely far higher, but these attacks are just not being reported.
“Organisations must understand that paying a demand rarely achieves the goal they are after. Many organisations believe paying a demand provides the fastest route to recovery and normal service, but this is not the case.
“Firstly, attackers will rarely return data in full, while secondly, it can often be returned in a format that completely differs from its original form. This means organisations still have a lot of work to decrypt the data, understand what is missing and rebuild systems. This is a massive job and it’s rarely something that can be done quickly.
“Furthermore, decryption keys don’t always work, which means organisations can pay a demand, but they still can’t rebuild their data.
“Research has also shown that attackers will regularly still keep data they claim to delete, which means organisations are still at risk of it winding up on the dark web, even after they have paid.
“Given all of these issues, paying is clearly a gamble and it can often amplify costs rather than reduce them.
“Organisations must be aware of this and focus on preventative steps to improve their defences against attacks.
“Paying under the radar is not the solution; it only fuels the ransomware industry and benefits attackers.”
Timon Johnson, Principal Cyber Essentials Assessor at Closed Door Security, says: “The stigma surrounding ransomware demonstrates a persistent regulatory problem going back decades.
“The common wisdom is that paying ransoms is fruitless and only marks an organisation out for further attacks. Discouraging payment legally stems from similar logic and is intended to reinforce this notion from above.
“However, to a company staring down the barrel of a serious ransomware incident, this logic goes out the window. Paying ransoms is a gamble given there’s no guarantee that criminals will comply or even be competent enough to decrypt data, but given the potential financial ruin that ransomware can inflict, some companies see payment as the lesser of two evils.
“As is evident here, the effect of regulation and payment bans is to suppress reporting and force companies to downplay any losses or payment. Given the volume of attacks, there’s practically no way for regulators to investigate or pursue every company suspected of doing this, making underreporting and omission the de facto approach across industries.
“Ultimately, resilience and prevention are the solution to these problems: ransomware can be damaging, but it’s no longer an existential problem when companies adopt proper practices, like maintaining regular and thorough backups, implementing proper access controls, keeping data in cold storage, and so on.
“A legal framework which incentivised accurate and open reporting around ransomware might help to highlight the seriousness of the problem and encourage more organisations to prioritise prevention, but until then we’ll continue to see reticence and omission.”
UK businesses fear stigma of ransomware – ComputerWeekly
Don’t pay the ransom: Warning to organisations to protect themselves from ransomware attacks as more than 320 businesses affected last year – City of London Police