On Tuesday April 23, 2024 we had another great Pointury event about cybersecurity with Johan Kestens as keynote speaker.
Ransomware Negotiation, Strategies and Ethical Dilemmas
Ransomware has become a critical cybersecurity issue, requiring organizations to adopt careful negotiation strategies while balancing ethical considerations. During our event Johan Kestens explored the dynamics of ransomware attacks, examined historical trends, and discussed how organisations can prepare for and respond to such incidents.
A 35-Year-Old Problem with Escalating Growth
Ransomware is not a new phenomenon; its roots date back 35 years. However, recent technological advancements have led to an exponential increase in ransomware attacks, with annual growth rates between 40% and 50%. The expanding sophistication of these attacks necessitates a strategic approach to manage and mitigate the threat.
The Negotiation Dilemma: To Pay or Not to Pay?
The key question when faced with ransomware is whether to pay the ransom. In the past, most organisations opted to pay to recover their data. Five years ago, double extortion became common, where attackers not only encrypted systems but also threatened to publish sensitive data. Despite the lack of guarantees, many victims still paid, with a couple of years ago 3 out of 4 victims paying. However, attitudes have shifted, and now only 1 in 4 pays the ransom, with some countries making it illegal to do so.
The Ransomware Industry: Sophistication and Professionalism
The ransomware industry has evolved into a highly organised and profitable business. In 2019, total ransomware payments amounted to $220 million. By 2023, this figure had grown to $1.2 billion, with the median payment increasing from $75,000 in 2019 to $200,000 in 2023. The average ransom paid has also seen a significant increase, from $150,000 in 2019 to $850,000 in 2023. These statistics reflect the alarming growth and increasing sophistication of ransomware operations.
Defense Strategies: Protecting Against Ransomware
To combat the threat of ransomware, organisations must implement robust defence strategies.
Selective encryption can cause significant harm, and traditional backups may not be reliable if they are also infected. Smart backups with extensive cross-checks are essential. To minimize the risk of ransomware infiltration, companies should adopt network segmentation, particularly in high-risk areas. This reduces the potential impact of an attack and limits its spread.
Employee training is another critical aspect of defence. For example, up to 30% of incoming viruses come from CVs sent to recruiters, which can be mitigated by keeping them outside the main network. Additionally, guiding employees to use two-factor authentication (2FA) in their personal lives can reduce the risk of phishing attacks. Insider threats also require attention, as even trustworthy employees may face personal crises that make them vulnerable to compromise.
Ethical Dilemmas in Ransomware Negotiation
Ransomware negotiation strategies are fraught with ethical challenges. Paying ransoms can perpetuate a cycle of extortion, encouraging cybercriminals to continue their activities. On the other hand, refusing to pay risks irreparable data loss and significant disruptions to operations. Organizations must carefully consider these factors and strive to find a balance between protecting data integrity and avoiding incentivising criminal activities.
In summary, ransomware is a complex and evolving threat that requires a multi-faceted approach to defence and negotiation. Organizations must stay informed, develop comprehensive cybersecurity strategies, and navigate ethical dilemmas to protect their data and operations in the face of this growing menace.
Our partners for this event were
Secureworks offers managed threat prevention, detection, and response with the best overall value. Together, we’ll stop cyberattacks faster and more efficiently with Extended Detection and Response.
SentinelOne was founded in 2013 by an elite team of cybersecurity and defence experts who developed a fundamentally new, groundbreaking approach to endpoint protection. SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organisations secure their assets with speed and simplicity. SentinelOne unifies prevention, detection, response, remediation and forensics in a single platform powered by artificial intelligence. With SentinelOne, organisations can detect malicious behaviour across multiple vectors, rapidly eliminate threats with fully-automated integrated response and to adapt their defences against the most advanced cyberattacks. SentinelOne has offices in Mountain View, Tel Aviv, and Tokyo. The company is recognized by Gartner in the Endpoint Protection Magic Quadrant as a Leader and has enterprise customers worldwide.
Sertalink is a specialised exclusive partner for ManageEngine. Also, we're cutting-edge security solutions in identity and access management, data access governance server and endpoint audit, data loss prevention and state-of-the-art solutions allowing to monitor, control, and record all remote access sessions to in an IT infrastructure.
We are working together with our partners to give an answer to changing market conditions, to make sure our end-users get the latest security solutions to protect confidential data.
Check out upcoming events and other interesting articles on www.pointury.com.
