5 harsh truths about ransomware attacks:
The Art of the Deal.
If lawyers know how to do one thing, it's negotiate. However, attempting to drive down the price of a cyber ransom carries particularly
. “The last thing you want to do here is something that makes the bad actor walk away and not get back the keys if the client isn’t able to recover the data on their own," said Roy Hadley Jr., special counsel at Adams and Reese. Just how far an organization is willing to push a hacker at the negotiation table will likely depend on the value of the data held hostage and whether any backups are in reserve. Whatever the agreed-upon number winds up being, it's best to pay it out in installments. After all, they are called "bad actors" for a reason. "[Hackers] give you keys and they don’t work, or they give you keys and the files are corrupted,” Hadley said.
Say what you will about hackers, but they are a highly motivated bunch. The advent of bitcoin and other anonymous payment methods has only further
deployers of ransomware, who had previously been stymied by a way to successfully collect their bounty before decrypting the data they've stolen. Bitcoin, however, provides an anonymous method for quickly transferring funds. "That has completely changed the dynamics, and it’s the last piece of the puzzle that has made ransomware much more of a viable way of securing money for organized crime and other illegal organizations," said Eric Thompson, Kroll's managing director of Kroll's cyber risk practice.
Go Big or Go Home.
Ransomware attacks are not just targeting individual companies or organizations. Cities have also had their fair share of run-ins with bad actors who take their systems and infrastructures hostage. Michael Waters, a shareholder at Polsinelli, said that cities make for attractive marks due to a reputation for insufficient backups and dated IT systems. “Unless that changes, I think that they will continue to be a target of hackers,” Waters said. Last July, the U.S. Conference of Mayors
a resolution urging cities not to pay ransomware attacks, but even that strategy may not be feasible on every occasion. “If you have your town or city’s health care shut down or water waste shut down ... what is there for you to do? Just restart everything from scratch?” said Jarno Vanto, a partner at Crowell & Moring.
Law Firms Carry a Bullseye.
There's no easy way to say it, but law firms are like catnip to deployers of ransomware."The thing about law firms that makes them a lucrative target is because they are so dependent upon the data they have and that data is extremely sensitive, which makes them an ideal target for both data extraction as well as ransomware," said Thompson. At the same time, ransomware attacks in general are becoming more
, with bad actors trading a hit-and-run approach for something a little more deliberate. "They often establish multiple back doors, they can wait for weeks, months or years before executing a lethal attack," Thompson said.
The Threat Within. Bad actors looking to gain access to sensitive information worth ransoming sometimes don't have to climb a fence so much as walk right through the door. Phishing emails, for example, turn a company's own employees into its greatest vulnerability. "As we’ve seen, for example in the most recent security breaches, many of the errors and breaches and mishaps are caused by people, so companies need to do much more to train their employees, monitor what they do and increase their awareness," said Francoise Gilbert, CEO of the cybersecurity consulting firm DataMinding. For law firms, those efforts might include learning to think before you click. “Why would a former client, after two years, ask me to open this attachment?” said Jon Washburn, chief information security officer at Stoel Rives.
The FBI in October announced that cybercrime incidents had “sharply declined” since 2018. Still, that doesn’t necessarily mean that the citizens of cyberspace can sleep easy.
It turns out that crime really does pay sometimes, and bad actors still have plenty of incentive to infiltrate organizations—and sometimes even cities—and hold sensitive information hostage. Poor cybersecurity and anonymous online payments have both reduced the barriers and lowered the risk of getting caught. Basically it’s rabbit hunting season.
And while there are steps that entities can follow once their data has been taken prisoner, even those carry no small degree of risk. Here are a few of the many harsh truths surrounding ransomware and how to deal with an attack.