Ransomware, Insurance, and Backups - Circuit Magazine

Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly.

Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly. While I’m sure everyone knows of the ransomware attack on the Colonial pipeline and the more recent similar attack on JBS, these are only the latest and most visible in a continuous stream of attacks. These are just the tip of the iceberg. The true scale is hidden not only by the media but also by a reluctance to talk about the problem.

In the Colonial pipeline case, a ransom payment was made of $4.4 million. It sounds sizable. Estimates of the worth of ransomware as a global industry range between $1 to $10 trillion. That means if every single ransomware attack received the same payment as the Colonial pipeline, we would be looking at a minimum of 200 000 such attacks each year, more than 500 per day. The vast majority of attacks do not even come close to that level of fine, so we are looking at a lot more incidents, impacting a huge number of people every day.

So what is ransomware?

The layman’s view of ransomware is software that encrypts some files then demands payments to decrypt them. However, modern ransomware organisations are becoming more sophisticated. The encryption of files still happens, though attackers will often exfiltrate information and threaten to publish it if payments are not made. Partial publications are often made to back up the threat. And quite frankly, there is no guarantee that on payment of the ransom, the victim will receive their data back, let alone prevent future threats and publication. What is guaranteed is that they are now marked as a potential income source for future attacks.

It’s also important to note that much of today’s ransomware is effectively a commercial product. Criminals can license the software or purchase it as a managed service and deploy it where they’ve already gained access. Alternatively, and growing more and more common, a group may license the core software, customise it, and buy access to organisations from access brokers who make their living simply by finding ways in and selling that on.

Even where payment is made, and the keys are provided to decrypt the files, there are no guarantees that they will work faster than restoring from backups, if they work at all.

What are the good guys doing?

Many security researchers look for ways to break or exploit ransomware, finding ways to decrypt files that don’t require any communication with the attacker. This is an ongoing battle, and the debate still rages about whether to publicise these tools or keep them quiet. In a recent case, a certain well-known security company published their decryption tool using a hole in the software discovered by a researcher. Of course, the ransomware organisations have access to the same internet as the rest of us, found the tool, reverse engineered it, and improved their software to prevent the hole from working in future.

What’s the real impact?

Cases like the Colonial and JBS attacks are well-publicised and relatively rare. The vast majority of attacks never reach the headlines, and just as with everything else in business, most of them don’t affect such high-profile organisations.

In 2017 it estimated that one-third of small businesses worldwide were affected by ransomware. Of these one fifth had to cease operations. Not a temporary stoppage as Colonial and JBS with insurance and reserves to get through the incident enacted, but permanently closing their doors. Most of these attacks succeed because of human error, not a clever technical vulnerability. From what we know of the Colonial attack, like the SolarWinds attack, which has largely been forgotten but ended up giving the attackers root access to government agencies and military research organisations worldwide, it was down to a poor password choice.

Many businesses that haven’t been impacted by ransomware believe that they aren’t a target. Even some who have been subject to small incidents assume that they will not be affected by anything larger, despite often not even understanding how the malware got onto their systems in the first place.

What can businesses or individuals do?

There are two parts to dealing with ransomware attacks. The first is prevention, and often that’s simply being above the exceptionally low bar set by other businesses in terms of security. Ransomware groups are well-resourced and technically skilled, but they are eager to extract maximum profit for minimum effort as with any other profit-minded organisation. Closing down the easy holes, carrying out just basic security hygiene, requires them to expend more effort, so they will often move on to another victim. Until the entire world has got up to a basic level of security, this tactic will keep working.

The second part is to ensure thorough backups and a disaster recovery strategy is in place and tested. While ransomware exists that will hibernate, making sure to infect backups, this is rare as it requires additional effort and thought. In addition, knowing that you can restore operations within a few hours after losing systems removes the threat of ransomware.

How about insurance?

AXA recently announced that they would no longer be making payouts for ransomware as part of their cyber insurance policies. Unfortunately, others may follow suit, as ransomware is one area where insurers seem to have misjudged the risk. Worse, there are known cases of companies with insurance policies being targeted, but the ransom payments are set at a level known to be covered by the insurance policy. In effect, insurance companies have been subsidising the ransomware industry, driving up payments by making payouts available to their affected customers.

Cyber Security Fundamentals – Ransomware, Insurance, and Backups
By James Bore

James Bore is an independent cybersecurity consultant, speaker, and author with over a decade of experience in the domain. He has worked to secure national mobile networks, financial institutions, start-ups, and one of the largest attractions’ companies in the world, among others. If you would like to get in touch for help with any of the above, please reach out at james@bores.com

0 Shares

Leave a Reply Cancel reply

Zelenskiy Denies Ukraine’s Involvement in Alleged Kremlin Drone Attack

Ukrainian President Volodymyr Zelenskiy has refuted Russia’s claims that Ukraine was involved in a drone attack on the Kremlin, which was allegedly aimed at killing Russian President Vladimir Putin. Zelenskiy stated that Ukraine fights and defends its territory, not attacking Putin or Moscow. The Kremlin reported that two drones were used in the attack but were disabled by Russian defenses.

Bodyguard Saves Japanese PM from Pipe Bomb Attack

A bodyguard has been hailed as a hero for his quick-thinking actions during a suspected pipe-bomb attack on Japanese Prime Minister Fumio Kishida. Video footage captured the bodyguard kicking away a metal object as it landed near Kishida
before positioning himself between the Prime Minister and the device, shielding him with a collapsible, handheld ballistics shield.

AlertEnterprise Reveals First-Ever Guardian AI Chatbot Powered by OpenAI ChatGPT

AlertEnterprise has unveiled its first-ever Guardian AI Chatbot powered by OpenAI ChatGPT. The chatbot will make its global debut at the ASIS Europe and ISC West trade events. Built on OpenAI’s GPT-3 platform, the Guardian AI Chatbot aims to provide security operators with instant access to critical physical access and security insights through quick questions and prompts.

COVID-19 and the Executive Protection

As practitioners, our responsibilities are many: protection of the client from physical harm, protection of the client from self-embarrassment, etc. Now, that the restrictions in the post COVID-19 era are starting to be lifted in some areas, Clients, and other high-net-worth individuals will be more aware of the area in which they are located, lodging, and traveling to.

Ways to See the Threat Before it Happens

Threat modelling is widely in use, whether knowingly or not, across every walk of life – and has been used since time immemorial to prioritise security defences. The only difference between the well-known risk assessments carried out by everyone and threat modelling in cyber security is the attempt to document and systemise it. I am hoping that this idea of formal threat modelling will be a useful tool for you to use in your future arsenal of available resources as a CP operator.

Keeping Your Edge: Building a Solid Foundation

Longevity, consistency and remaining relevant are some primary goals of all protectors. These factors are important when establishing a new contract and providing services for a new client. But what is equally important is the mindset that goes into those first days and weeks on the assignment. As such, I wanted to get the personal perspective of Vantrell Wilson, a close protection agent who I have trained with and worked alongside of for years now.

The Death of Journalist Marie Colvin

I’m not writing this piece to get into her personal or professional life, her ambitions or any other side of her character (that’s all been done). I’m writing this piece because I see media management in general, as a huge failing for far too many media deployments gone badly in conflict areas around the world. And I’m using Marie’s death as an example of just one of those failings.
I’m still angered every time I see a write up about the sad death of this journalist, and here’s my reasons why:
I knew Marie for years, first meeting her in Jerusalem during the Second Intifada between the Israelis and Palestinians back in the early noughties.

Breaking the Communication Barrier

Security Consultant, Ben Hockman, shares tips on breaking the communication barrier when operating in foreign countries where the locals do not speak your native language. Specifically, the advantages he experienced, having Spanish language skills while working on an assignment in Colombia.

Working Girl: Female Bodyguards

I’ve been traveling around the UK on a CP job for the past few months but was also lucky enough to be part of the security for the royal wedding, it’s not often I say I was glad I did a job but it was nice to see lots of flag-waving royalists out on the […]

Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly.

So what is ransomware?

What are the good guys doing?

What’s the real impact?

What can businesses or individuals do?

How about insurance?

Buy The Latest Issue

Sign Up For News and Updates

Promoted Event

Latest Podcast Episode

Latest Issue

Issue 66

Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly.

So what is ransomware?

What are the good guys doing?

What’s the real impact?

What can businesses or individuals do?

How about insurance?

Buy The Latest Issue

Sign Up For News and Updates

Reader Interactions

Leave a Reply Cancel reply

Promoted Event

Latest Podcast Episode

Latest Issue

Follow us