Ransomware and Getting Out of Difficult Decisions
Estimates put the cost of the City of Baltimore’s recent ransomware breach at $18 million, $10 million in costs to recover with another $8 million in lost revenue. The bad actors had originally demanded $76,000 to restore access to systems taken down by malware.
While one salutes the moral stance the City of Baltimore took, refusing to pay ransomware and further encourage the bad guys, they paid a hefty premium over what could have been a relatively painless solution. While utilitarianism and other ethics systems would agree with Mr. Spock’s “the needs of the many outweigh the needs of the few,” a pragmatic approach to business could easily have one exploring the easier but less moral route.
After being down for two weeks, Lake City, Florida, a town of less than 70,000 people, paid $500,000 in ransom to get its data back. Similarly Riviera City, Florida, paid approximately $600,000 for the bad guys to decrypt their data. The pattern is clear, the bad guys have found an unusually lucrative way to make crime pay and the fact that that bad behavior is being rewarded by six figure payoffs provides significant incentive for others to search for victims who are similarly willing to pay to unlock their stolen data.
So, what can you do to put yourself in a better position with regards to ransomware? How can you avoid having to make the decision to do the right thing at considerable cost to your organization or be selfishly pragmatic and reward evil? One of the first steps is to ensure that you have good backups. Of course, everyone thinks they have good backups, until they try doing a restore. When is the last time you tested your ability to restore data from key systems?
Another thing you can do is dig another moat. We often talk about defense in depth and ThreatArmor helps you lay down another layer of perimeter security, blocking up to 80% of malicious traffic including botnets and ransomware. ThreatArmor is updated by Ixia’s Application Threat Intelligence team’s feed every five minutes, ensuring the most up to date coverage of the latest threats.
Of course, your moats may be of little use if your castle walls are not strong enough, and that’s where BreakingPoint comes in. With simulated exploits, DDoS attacks and malware, BreakingPoint helps you test even the most complex environments to ensure that you have everything locked down. Even better, we recently introduced BreakingPoint QuickTest with a simplified UI and preconfigured test suites designed to get you up and running tests - and getting actionable results, quickly.
It’s a rough world out there, but with a little luck and some work and planning up front, you might be able to keep yourself out of the sort of situation where you have to make tough calls with regards to rewarding bad behavior.
Stay safe. By the way, if you would like some help with fortifying your network, please contact us.