Companies have developed new methods of keeping valuable data safe from cyber criminals, but over the last two years these same criminals have gotten smarter, and in turn, are now applying greater pressure on their victims to pay their ransom.
The popularization of ransomware attacks has caused them to become a major risk for all businesses, and this is especially true in the financial services sector. Payment processors and other companies involved in the payments space hold onto valuable data from customers and partners alike; this is data that black market organisations and malicious individuals find very enticing.
Fortunately, cyber defence tools and risk management protocols are constantly improving to evolve alongside cyber-attack technology, and new solutions are being introduced to keep that data safe. This has become especially true during the global COVID-19 pandemic, where the work-from-home environment has meant that networks are less secure as entry points are spread out and human error can lead to holes in the metaphorical security fence. So new solutions to fix these issues are constantly being tested and released, fighting back against the ever-present ransomware threat.
The same could be said for those on the attacking side, however. While companies are taking steps to improve their security measures, cyber criminals and data thieves are also taking steps to ensure they make money from these attacks. In recent years, pressure has become the greatest tool for the cyber attacker.
Pressure tactics
When a business falls victim to a ransomware attack, it is already too late. In an ideal world, cyber security prevention and risk mitigation would be carried out before an attack happens, but in many cases, this is a lot easier said than done. With constantly evolving cyber threats that are becoming more difficult to prevent, businesses should protect themselves with preventative security, post-attack risk management and incident response solutions.
Following a ransomware attack, the first step should be to stop the bleeding and identify the affected systems and data. Then comes a more difficult decision: whether to pay the ransom. This of course depends entirely on what was stolen and how prepared the organisation was for this event.
The consequences of a ransomware attack vary drastically between organisations. For those with public systems or those that rely on high availability (this is especially true in the payments industry), full redundancy and robust disaster recovery plans can limit the impact of an attack. For those with business-critical or sensitive data, creating frequent back-ups is a way to avoid loss (but be sure to keep those backups on a separate network segment, or ideally, offline).
Finally, keep in mind that while a data thief may threaten to sell the stolen data online, there is nothing to stop them from doing that anyway even if a business did pay. They are criminals and not necessarily concerned with keeping their word.
Of course, cyber criminals understand all of this, and have evolved pressure tactics to ensure profitability. The number of successful ransomware attacks is almost certainly under-reported worldwide, typically only getting covered if the attack has caused a service outage or if data begins to leak. Under regulations like GDPR, companies must announce if they have been the victim of a successful attack, but this only affects organisations with European data and an affected company may choose to hide this information regardless. The reason for that is a simple one: it is bad publicity.
Being the victim of a cyber crime is a PR nightmare for any business, especially those in financial services considering how impactful payment data can be. If news breaks that your business has suffered a cyber attack, then your reputation can fall and both partners and customers could leave due to the loss of trust and a perception that your business is not safe. So even if the data stolen is lacklustre and has little value, the threat of losing reputation from just suffering an attack is present and is threatening.
Cyber criminals use many methods to pressure companies into paying their ransom. We have seen attackers advertise attacks on social media, they sell the data publicly, they have contacted customers and partners whose correspondence they have stolen, they can even add pressure by threatening a secondary attack if the first attack is not enough on its own. There is also the pressure brought on by these attackers using the stolen data to attack suppliers and customers directly.
Don’t let the pressure get to you
There are many threatening ways that cyber criminals can monetize stolen data, so organisations must never become complacent in their security procedures. Even if the threat of losing that data forever is minor, pressure can still be placed on a business to pay and the only way to prevent this is to ensure the right security measures are in place before an attack can even happen.
To avoid all the things that go along with a ransomware attack, ensure that your business has implemented the best solutions for its operational environment and that third party risk avoidance measures are being taken. Most importantly, ensure that employees are fully trained and are only accessing parts of the network they need to access. Human error—whether it is through negligence or ignorance—is the biggest reason for a breach in security, so making teams aware of this and managing the present risks are vital to avoiding an attack, and in turn avoiding unnecessary pressure.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.