Last year, in 2021, the U.S. division of a global meat company paid 11 million USD to solve a ransomware crisis. One of the company’s officers confirmed it to the Wall Street Journal, explaining that it was the right thing to do for its customers.
Further details clarified that the payment was sent once most of the affected processing plants had become operational again.
Eleven million is a lot to pay as a ransom. The scheme is profitable for the wrongdoers, so why is it that they’re asking for more money every time? How can your company remain safe from a ransomware attack so that you don’t have to pay that much money in the first place?
The increasing demands
The average ransomware payment was 170.404 USD last year, according to Sophos. The highest amount was 3.2 million USD. That’s not even a third of what the meat company had to pay.
But as high as eleven million dollars is as a ransom payment, it’s not even the highest ransom paid during the current year. Last year, one of the largest insurers in the country got set back by 40 million USD. That’s the greatest amount demanded so far in a ransomware attack.
That simply means that the attackers have their eyes open and know that larger companies can afford to pay higher ransoms because they won’t pay on their own. Ransom demands went up by twenty million over the year’s initial half. Most victims didn’t pay the whole ransom as demanded by the attackers.
They went through negotiation and saved some money in the end. And their cyber insurance policies paid for some (maybe all) of the cost of the ransom. So, if you are big enough, things will work out fine for you, even as a victim. The problem is that the attack’s success validates the wrongdoer’s tendency to keep asking for more money, which is precisely what they
Why do victims pay, anyway?
As in so many other things in digital security and privacy, the correct answer is “it depends.” Different victims pay ransoms for different reasons.
For some, it would be just too expensive to recover from a ransomware attack. Suppose you are a big, well-organized corporation with a good IT department that keeps everything backed up and current. So yes, you would have everything you need to recover control over your organization by restoring your backups. But there are two problems with that. If you are that big, then the restoration process could take weeks, not minutes.
And if you don’t know when you acquired the ransomware infection, then you’ll be restoring the seeds of chaos, and you will come up against the same threat once more. So paying the ransom up front is not an outrageous option when you consider your other possible choices. It’s better, for sure, than to have your organization living in limbo for a couple of weeks while the restoration takes effect.
That same logic applies, even more, when the victim is a governmental agency responsible for the country’s vital infrastructure operation. Disruption of any kind is not an option here, let alone a protracted one. We’re talking about profound economic consequences, public safety, and even national security. So paying the ransom quickly looks like an even more attractive option in this situation because service restoration is a critical priority.
We saw one such example only last month. A U.S. pipeline company got infected with a piece of ransomware. The organization suspended operations – millions of gallons of fuel remained undistributed. Then, it paid the 5 million USD ransom. The FBI recovered some of the Bitcoins in question (the ransom was delivered in the cryptocurrency) from a digital wallet owned by the ransomware affiliate.
On top of that, the crypto-malware industry has moved beyond the problem of simple data recovery. Gangs are organizing into cartels that threaten to publish the victim’s data. Thus they can impose a ransom so the victim regains its functionality; then, they can ask for one or more further payments to keep the victim’s confidential data from being released online.
No organization on earth needs or wants to face this nightmare. This was also one of the reasons that made the meat company pay the ransom. Attackers know they hold all the cards, so they keep raising the stakes because they know they can.
Precautions against more ransomware
While paying ransoms is convenient in immediate terms, it’s against the victim’s interest to play the attacker’s game. Paying is showing support, even if unwilling, for the business model that targets the victim as such. Additionally, there is no genuine guarantee that the compromised data can be recovered.
So it’s all a vicious circle. The hackers plant malicious software in an organization. It takes control over the organization’s resources, then it asks for a ransom to be paid. The victim sends the payment to save time and energy. The criminals confirm that their method works, so they are encouraged to try it again on a different victim. And it all starts over.
The only way to break the circle is to prevent ransomware infection in the first place. This is not as tough as it could seem. One measure is training an organization’s personnel on security awareness, so they know how to avoid phishing attacks and other ransomware delivery methods. Technical solutions can help as well. Intelligent security analytics can go a long way in avoiding the most critical threats that loom over a company or organization.
Ransomware is becoming a frequent problem in our digital world. It pops up out of nowhere for the victim and takes over an organization’s resources and means of control. Understandably, the victim’s first priority is to restore control over its organization, as well as its functionality and ability to carry out its daily work, so it’s no surprise that most victims choose to pay as quickly as they can, even if they try to negotiate with the attackers to lower the ransom’s cost.
So the problem is solved. But the attacker learns how successful the scheme is, so he’s bound to try it again and to ask for more money next time. And if the attack included collecting the victim’s critical data, then the threat to publish that data could earn him even more payments down the line.
The unfortunate truth about paying the ransom is that it is equivalent to cooperation with the criminals. Yes, you do get what you want by paying, but so do they. So as long as the scheme works, it will keep happening, always more frequently and at higher costs to the future victims.
The world must put the ransomware criminals out of business as soon as possible, and the only way to do that is by proactive prevention. A combination of human and automated measures must come into place to make sure that an organization won’t fall prey to ransomware attacks in the future. It takes effort, for sure. But it’s possible.