Ransomware - why do so many people pay?

Ransomware - why do so many people pay?

I remember a quieter time in life – a time before ransomware was a thing. If you haven’t heard about this type of cyber attack you are one of the lucky ones who obviously hasn’t needed to find out more about it. Yet.

Ransomware is typically malicious code that is injected, or installed, on a server or network that locks all the files it can get to. There are loads of varieties out there, but basically it means  you can no longer access anything as the ransomware has either locked it down, or changed all the file extensions. Most users are then presented with a screen showing instructions for payment of a ransom to be given the decryption key to unlock their files.

I’ve not had this happen to me, thankfully, but I know a few people who have and it’s pretty scary. We rely so heavily on our systems and data each day that, when it’s suddenly taken away, it can be  very daunting.

 Individual users or small businesses tend to be hit with automated attacks, and the ransoms are quite small – just small enough to entice people to pay them. These attacks aren’t very sophisticated though, and as long as you have a good disaster recovery plan in place, you can probably recover all your files and get on with life. I’ve seen people have all their locked files sync up to the cloud storage they were using as backup, and they then had to rely on the cloud provider to roll back their files – fingers crossed.

Big businesses are a little different. These are probably targeted attacks – some are probably state sponsored too. And some statistics are saying that up to 70% of enterprise ransomware attacks end up with the business paying! There’ve been a few high profile cases recently, with Garmin being the latest to pay up to get their data back. I’ve spoken with a few cyber security specialists about this, and the problem is that these attacks are becoming far more sophisticated. Hackers eventually find ways into organisations (phishing attacks are common).  Then they work their way up to either find or give themselves more and more permissions until they are basically network admins. They go after the backups first – and this is the worrying bit –to encrypt them all. Imagine having a ransomware attack and thinking “we’ll be fine – we’ve got backups!” only to find they have also been encrypted -  that would be a bad day.

When it comes down to it, these big businesses often have no choice but to pay up. It would be crippling to try any other alternative, and we’ve also seen hackers start to leak data online when businesses refuse to pay. Ask yourself, what would you do!?

So, and I realise this is a big generalisation, but small businesses should probably have separate disaster recovery plans with separate permissions and great detection policies so they know if/when anything is changed in those backups. Big businesses should probably just panic… or get some specialists in to give them some good advice. These risks can also be offset by having good cyber insurance – a good cyber insurer will have access to experts that can decrypt a ransomware attack, so it’s worth having them on your side if the proverbial hits the fan.

For a confidential conversation about your insurance program, contact one of our members today.


General Advice Warning

The information provided is to be regarded as general advice. Whilst we may have collected risk information, your personal objectives, needs or financial situations were not taken into account when preparing this information. We recommend that you consider the suitability of this general advice, in respect of your objectives, financial situation and needs before acting on it. You should obtain and consider the relevant product disclosure statement before making any decision to purchase this financial product.

Cyber Insurance

Cyber Insurance

Technology has never been so deeply entwined in our businesses. While it delivers significant efficiencies and convenience, it also comes with significant cyber risks.

What is a DDOS attack and why is it happening so much?

September 8, 2020

We survived a hacking attempt

August 11, 2020

Protect your business and your customers with two factor authentication

September 1, 2020

Find your local Insurance Adviser

Talk to your local Adviser about your insurance needs and to get a quote