Ransomware has become increasingly lucrative for cybercriminals, as some entities were all too quick to pay to recover their data and to keep it from being posted to the dark web. That infamously included Colonial Pipeline, the fuel pipeline operator that supplies 45% of the East Coast’s diesel, gasoline, and jet fuel.
The company paid the hackers – believed to be operating from Russia – nearly $5 million. Experts warned it was the wrong course of action, and as previously reported, in July 2019 the United States Conference of Mayors agreed to “stand united” against paying any ransom should their respective systems be targeted. The rationale was that not paying could lessen the likelihood of such attacks on other cities.
A coalition of entities has now vowed not to pay the cybercriminals. The 50 members of the International Counter Ransomware Initiative (CRI) – which includes 48 nations as well as INTERPOL and the European Union – reaffirmed at the third CRI gathering last month that none would pay such a ransom.
“We commit to collectively address our approach to ransomware payments to undermine the ransomware business model and disrupt criminal activity. We will not tolerate the extortive actions of these cyber criminals who too often act with seeming impunity,” CRI announced via a statement. “Therefore, we strongly discourage anyone from paying a ransomware demand. Each of us intends to lead by example. We have reached consensus that relevant institutions under the authority of our national government should not pay ransomware extortion demands.”
Why Ransoms Shouldn’t be Paid
The group further warned that paying a ransom will not guarantee the end of an incident or the removal of malicious software from any compromised systems, and that it only provides incentives for criminals to continue and expand their activities. It also provides funds that criminal actors can use for illicit activity, and there is no guarantee the data will be returned.
The group also encouraged the reporting of ransomware incidents to relevant government authorities and the sharing of actionable information with the CRI members.
Addressing a Serious Problem
The pledge won’t immediately stop ransomware attacks – and just this week hackers released Dallas County’s stolen information on the dark web after the city failed to pay, while Japanese sporting goods maker Shimano also was targeted in an attack that compromised 4.5TB of sensitive data.
Yet this initiative is still a step in the right direction, say experts.
“I’m glad to see a report of more good intentions for cooperation between countries on this important problem. Ransomware remains a serious and costly challenge,” emphasized Dr. Jim Purtilo, professor of computer science at the University of Maryland.
“The joint statement however mostly promises more bureaucracy without mention of new funding, tech innovation or initiatives we haven’t already heard of before,” Purtilo told ClearanceJobs. “I’d hate to see ransomware become another of the many threats that administrators use to sustain a career. We’re missing some leadership here.”
Have a Recovery Plan
For the foreseeable future, all entities should have a cybersecurity plan that includes recovering from a ransomware attack – and that includes ensuring that data is backed up early and often.
“A ransomware attack is something every IT security team will be forced to deal with eventually, and often, victims find it challenging to determine the best course of action for recovering their data and restoring services,” said Darren Williams, CEO and founder of cybersecurity research firm BlackFog, via an email.
What shouldn’t be part of the plan is paying the hackers.
“Many opt for paying the ransom as it seems like the easier way to minimize damage and prevent operation disruption. However, this requires a company to trust hackers to keep their word, even though there’s no way of knowing they will even if the ransom is paid,” warned Williams.
Not only will paying encourage future attacks, as CRI warned, but it could also embolden the threat actors.
“Though, the primary concern with paying the ransom is that it serves as an incentive for future attacks not just on your own company, but on companies across the world because it builds confidence in the cybercriminal network,” Williams added. “The coalition of countries coming together to denounce ransomware payments sets a long-awaited global standard, asserting that no organization should be confused about whether they should pay or not.”