Ransomware attacks pose a significant threat to organizations, raising the question of whether victims should pay to recover their private data. The FBI discourages payment, arguing that it may embolden adversaries and fund illicit activities. Furthermore, paying the ransom does not guarantee the recovery of a victim’s files. The U.S. Treasury Department also warns that ransom payments could expose victims to sanctions, despite there being no outright law making such payments illegal.
The Changing Nature of Ransom Attacks
According to Chris Denbigh-White, Chief Security Officer with Next DLP, the nature of ransom attacks is evolving. Initially, attacks often involved blocking access to essential data and offering a “key” to unlock it upon payment. Now, attacks may also involve outright data theft for purposes beyond pure profit. The real threat, Denbigh-White says, is the potential leaking of sensitive data over the internet, which could lead to penalties for violating consumer data-privacy laws and lawsuits by private individuals.
Prevention: The Better Approach
Denbigh-White suggests that the better approach lies in adopting effective measures to prevent bad actors from penetrating systems in the first place. This includes applying multi-factor authentication, ensuring employee vigilance, and regularly updating and patching security software. However, he acknowledges that these fundamental steps are often difficult and uninteresting to implement, especially for multinational companies with thousands of employees and legacy IT systems.
The Slow Shift Towards Effective Cybersecurity Practices
Despite the challenges, Denbigh-White believes businesses are gradually recognizing the need to embrace effective cybersecurity practices. This shift is partly driven by the adoption of strict consumer-privacy regulations and the increasing awareness of the consequences of ransomware attacks. He concludes, “I’m quietly confident that we are slowly moving in the right direction.”
