Back To The Blog

Ransomware: What Can Go Wrong, Might

Ransomware/Malware / June 29 , 2017

Q&A with Chris Novak of Verizon

Even as public awareness around ransomware grows, many companies find they are still unprepared for this malicious exploit when it hits. Often, organizations find that despite their best intentions to cooperate with the perpetrators, they still may not get their data back. I talked to Chris Novak, global director of the RISK Team at Verizon Enterprise Solutions, about some of the pitfalls associated with this increasingly common crime.

When it comes to ransomware it’s almost like the early days of data breaches where people just assume this will happen to other companies and never their own.

Are organizations typically prepared for dealing with a ransomware incident?
No. Many still don’t have incident response plans and playbooks that include ransomware. When it comes to ransomware it’s almost like the early days of data breaches where people just assume this will happen to other companies and never their own. That may be because the nature of this data breach seems much more targeted and personal, but the truth is that it’s not. And many organizations that do have incident response plans assume that what’s in there will cover it but when it comes to ransomware everything is on a much shorter timeline—it could be a couple days to a week to turn over the ransom. If the leadership is philosophically opposed to paying a ransom that can also create a challenge when it comes down to the wire and everyone realizes that this might be the only choice to get their data back.

What are some other hurdles companies face in meeting those deadlines?
With medium to large size entities it may take a week or more to get the executive consensus on the issue, and at that point the data might be gone. Another concern is that most organizations don’t have a Bitcoin wallet setup and funded, which presents logistical challenges. It’s not as simple as wiring money to an account, and it often takes time to secure a large amount from a regulated exchanger.

Where can a ransomware situation go really wrong?
When an organization tries to handle everything themselves. They might start trying to play around with their systems to try to prevent the ransomware from spreading before getting professional help. Some modifications or controls implemented to the system could handicap or destroy the ransomware such that it also can no longer restore your data. When you get the decryption key in that situation, it’s like having a key but the lock has been so badly damaged that the correct key will no longer open it, and there’s no way to recover the data. Another thing we’ve seen is where the criminals are captured before the organization has paid the ransom, unbeknownst to them, and the money gets wired to an account that no one is checking, with no way to get the data back. Let’s look at the recent Petya ransomware outbreak that Verizon was investigating this week as an example of where a takedown had muddied the waters for some victims. In the Petya case, the ransomware instructed victims to send their funding information and decryption request to a specific email address. However, the email provider quickly shut down the threat actor’s email account. If you were a victim that was planning to pay the ransom and get your data back, you’re out of luck. And to make matters worse, the Petya ransomware is likely to continue floating around the internet for months or years infecting more victims.

What can companies do to better prepare for ransomware incidents?
First of all, understand that it can and likely will happen to your organization. These attacks are opportunistic and not personal. The attackers want the ransom and not the data, and they cast as wide a net as possible—they don’t care who you are as long as they get paid. Have good backups and create a contingency plan if you choose not to or can’t pay the ransom. Create a system for buying Bitcoin and keep some on hand ahead of time.

In summary…
We want to thank Mr. Novak for his insights here into ransomware attacks. This peril is one of the more active cyber threats of the moment, with the ability to significantly impact even the most prepared and forward-leaning companies—largely because it’s facilitated by phishing emails sent to unsuspecting employees. This threat also is responsible for the growing number of cyber liability insurance claims that we’re seeing paid out on a weekly basis by many of our insurance partners that cover ransomware events. Having an actionable data breach response plan is vital (to learn more about our Breach Plan Connect service visit us here).

Tags

Related Blog Posts

10 Cybersecurity Tools Every Small-Medium Business Should Have in Their Arsenal

What You Need to Protect Your Data

SMBs have unique cybersecurity risks that should be managed with appropriate tools. Here are the top tools and some mistakes to avoid when implementing them.

Continue Reading

8 Things Every Business Should Know About Cybersecurity

Top Tools and Tips for Cyber Risk Management

Cyber risk is always evolving but every business needs to understand the fundamental threats they face as well as the key tools for risk assessment and mitigation that can help them improve their cybersecurity posture.

Continue Reading

From Afghanistan to Ransomware

A Q&A with Melissa Ventrone of Clark HIll

As an attorney in the cybersecurity and privacy space, Melissa Ventrone draws on her military background to keep clients calm, manage complex logistics, and help them mount a successful incident response.

Continue Reading
Visit Our Blog

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download
Solutions
About
Contact

P.O. Box 204
Gladwyne, PA 19035
610.896.9715

© 2024 NetDiligence All Rights Reserved.