Ransomware operators are becoming more emboldened to target big-name brands in the hopes of extracting a big bounty, and they’re upping the stakes to make a payout more likely.
The list of prominent brands that have been targeted in recent months is long: Luxottica, Carnival, Equinix, Toll, Canon, LG Electronics, and Xerox are just a few. In the majority of these cases, the victim’s files were not only encrypted but also stolen, and then sometimes leaked publicly if the ransom wasn’t paid.
Traditionally a ransomware attack meant a system was left encrypted and inaccessible until a ransom was paid; now there are around 20 different ransomware gangs that also steal and leak files when the victim refuses to meet the hackers’ demands.
It makes the decision of whether or not to pay the ransom quite a bit more difficult.
The recent ransomware attack on technology company Garmin was labelled a “warning” to other big organisations by Wired. Garmin reportedly handed over the US$10 million the hackers demanded to unlock its systems.
Earlier this year Travelex was reported to have paid US$2.3 million to hackers to bring its systems back online. Cloud service provider Blackbaud also revealed it had succumbed to demands from hackers who unleashed ransomware on its network.
And in August travel management firm CWT reportedly paid US$4.5 million to restore 2TB of stolen data and 30,000 computers (side note, if you’ve ever wondered how ransomware negotiations actually go down, check out this Reuters reporter’s Twitter thread).
The problem is – there’s no guarantee your data will be returned or your systems restored. Paying the ransom also encourages this lucrative criminal industry and spurs other hackers to get in on the game, resulting in larger numbers of victims.
It also identifies you as someone willing to pay the ransom, increasing the risk you’ll be targeted again.
Expert advice has long been not to give in to the demands. However, as the FBI noted in updated ransomware guidance last year, the problem has become more nuanced for many organisations.
While it still doesn’t advocate paying up, the FBI says it understands that crippled businesses will need to evaluate all options “to protect their shareholders, employees and customers”.
(For an insight into how a business recovers without paying a ransom, read about how Norsk Hydro got back on its feet after a painful 2019 brush with ransomware).
Tips to avoid a ransomware attack
Ransomware attacks are often perpetrated through vulnerabilities in web-facing systems, email phishing campaigns, and by breaking into remote access systems.
The best way to protect your organisation is to ensure it is strong at the basics:
- Applying software and security updates as soon as possible,
- Using multi-factor authentication wherever possible, but especially on critical systems,
- Ensuring you have current off-site back-ups and a business continuity plan, and
- An educated workforce able to spot things like phishing and social engineering attacks.
A reputable endpoint security solution will also help to identify and block any malware attempting to infect your systems via the devices on your network. Having these important foundations in place lowers your chance of ever having to face the question of whether or not to pay the ransom.