IT Security: Companies increasingly yield to ransomware demands

Share This

That strategy may only embolden cybercriminals, who view stolen or encrypted data as a powerful weapon.

Faced with few options, companies are increasingly giving in to cybercriminals who hold their data hostage and demand payment for its return, while law enforcement officials struggle to catch the nearly invisible perpetrators.

The risks to organizations have become so severe that many simply pay their attackers to make them go away – a strategy that may only embolden the crooks.

It is a case of asymmetric electronic warfare. Ransomware, which encrypts files until a victim pays to have them unlocked, can be devastating to an organization. Barring an up-to-date backup, little can be done aside from paying the attackers to provide the decryption keys.

Unlocking the encrypted files is often near impossible.

Less common but just as harmful are extortion schemes, where attackers claim to have stolen critical data and threaten to publicly release it unless their demands are met. Timeframes are tight: Hackers may give a company less than 48 hours to comply, setting off a race to confirm what data, if any, has been stolen.

Ransomware and extortion schemes offer advantages over other methods of cybercrime. Rather than stealing data and needing to find a buyer for it in risky transactions that take place in underground forums, a vulnerable victim is approached for payment directly.

The costs involved are hard to estimate considering all the factors involved, but they could reach over 300 million dollars per year.

Groups conducting the attacks are difficult to find. They are experienced at covering their tracks and demand payment in the cryptocurrency bitcoin, which makes payments hard to trace.

But happy endings are uncommon. The most well-documented ransomware incidents have hit the medical industry. Hollywood Presbyterian Medical Center in Los Angeles paid 40 bitcoins — about $17,000 — to decrypt its files.