The morally ambiguous solution to ransomware-compromised storage

A laptop with a 'forbidden' sign on its screen, connecting to countries all over the world.

Posted on Tuesday, February 28, 2017

2016 was the year that ransomware conquered the headlines. Three hospitals in Kentucky, Chino Valley and California were all taken offline by malware for instance. And Licking County government in Ohio joined the ranks of the affected less than three weeks ago.

The spread and impact of these malware events show that analyst predictions were correct – ransomware will be a major security factor that needs to be addressed sooner rather than later.

Current prevention measures aren’t working

Much of the security industry focus has been on technical solutions to the challenge of malware. From stateful packet inspection at the firewall level, to anti-malware on the desktop, a lot of faith is being placed in scanning software that can stop a ransomware infection before it starts.

To a lesser extent, some businesses have been trying to educate end users about identifying malware and preventing its spread by being more mindful in their use of IT. But the continued spread of file-encrypting ransomware shows that neither technical, nor educational approach is having the desired effect.

And once malware makes it onto the central data stores, the damage can be catastrophic – or hugely inconvenient at the very least.

A potentially unethical solution

A report in the Detroit News suggests that many larger businesses have added an additional provision to their incident response planning – Bitcoin wallets. Official FBI policy suggests that businesses should not pay ransoms. But when faced with the need to restore operations as quickly as possible, many organisations choose to meet the criminals’ demands and pay up.

Symantec estimate that businesses pay between $10,000 and $75,000 each time to release the ransomware decryption keys. Obviously this is not an insubstantial amount, but many COOs would rather take the hit because the costs of continued downtime are far higher.

Which would help explain why ransomware payments topped $1 billion last year.

Yet another demand on your budget

However your business chooses to protect the corporate data store – technology or Bitcoin – you have yet another drain on the IT budget. Which is why creating cost savings elsewhere – like partnering with a lower cost, third party maintenance provider – remains so important.

Next steps

To learn more, please get in touch.