It’s hard to believe that Thanksgiving and Black Friday are only just a few days away.  As this comes closer, it means that Christmas is also coming around the corner, as well as the New Year of 2021.  So as we come closer to wrapping the end of the of the year, many of the Cybersecurity pundits are now starting to make their predictions for 2021.

I actually have a jump on that, because as I have been doing podcasts throughout the year, I have always asked my guests what their thoughts are on this.  Their basic consensus is that more of the same will continue, but of course in different variations and flavors. 

It also seems like that COVID is not going anywhere anytime soon, so that is going to further exacerbate things even further, as well as the current debacle we have with the transition to President Elect Joe Biden.

But one thing is for sure, Ransomware will still be out there. In fact, it is even rearing its ugly head even more now, especially hitting the healthcare industry hard.  As you know, I peruse through the news headlines on a daily basis, and at least 2 out every 5 of them are about some sort of Ransomware taking place.

It is only expected to get worse, as the Cyberattacker now is amping their arsenal in this regard.  Although there are many variants of it, long story short, this is where a Cyberattacker deploys a piece of Malware onto your computer or wireless device, and literally hijacks and locks it up (along with all of your other files). 

The only way that you can retrieve them back is if you make a ransom payment in the form of a Virtual Currency, typically in that of a Bitcoin.

Supposedly then, after receiving the payment, the Cyberattacker is then supposed to send you the Decryption Algorithms, so that you can unlock the files.  Some hacking groups have done this, and some have not.  But now, this is getting even worse. 

Apart from simply locking up your files, they now have become extortion like attacks as well, in which the Cyberattacker will even make bold moves to expose your databases and Intellectual Property to the public, unless they are paid.

So, this always comes down to the fundamental question:  Should you ever pay a Cyberattacker if you are hit with a Ransomware attack?  This has been a debate for quite some time, and people, especially city municipalities have actually paid up, but only to be hit yet once again.  So, let us look at the some of the finer points of this debate:

*Should I hire a third-party intermediary to negotiate?

If you are hit with this kind of security breach, timing is always of the essence.  Of course at first, you will feel completely blindsided, and thus, you will be in a total state of paralysis.  But try not to let this get to your emotions, as it will be imperative that you think with a calm and clear head on your shoulders.  In this regard, the thoughts of hiring a skilled Cybersecurity professional to negotiate on your behalf will often come into mind.  Your probably thinking that perhaps you can get the total cost of the ransom lowered, or perhaps the whole thing can be worked out.  But keep in mind, that if you go down this route, this will also add an extra expense to your bottom line, when it may not really be needed.  But this all of course depends upon the situation that you are facing.   If you are a large enough company with deep financial assets with a lot at stake, this negotiation avenue could be fruitful for you.  But of course, if you are a small SMB, this may not even be an option at all, depending upon your balance sheet.  But, if you think about it from a different perspective, if you do end up negotiating with the Cyberattacker, that could possibly buy you more time to see all of the datasets that actually have been stolen.

*You still have legal obligations:

Although becoming a victim has been no fault of yours (assuming that you have put up the best lines of defenses that you can), you still have a legal responsibility on those Personal Identifiable Information (PII) datasets.  You may be asking why at this point?  Well, the simple truth of the matter is that they were housed in your databases under your care and guardianship, and your employees and customers trusted you with that.  Plus, the recent passages of both the GDPR and the CCPA have made this now clear cut, and because of that, you could face an audit and some serious financial penalties.  So therefore, you have to assume this level of responsibility in a quick and timely manner and notify all of the stakeholders that have been impacted of the situation, and what the steps are being taken to remediate this situation quickly.  Also, you need to give them options as to what they can do in the future to protect their PII datasets should they still choose to be with your company either as a customer or an employee.  If you do take these steps quickly, it will actually be looked upon rather favorably, and because of that, you could even get a quicker payout when you file your claim with your insurance company.

*Now, the big question:

Well, we have to save the best for the last, right?  So, now the question arises should you pay or not?  As mentioned earlier in this blog, there have been entities that have become a victim and have paid up.  But the downside of this is that it was never confirmed if they actually got the Decryption Algorithms or not in order to unlock their files.  Also, I believe that some of these same entities were also hit again at a subsequent point in time.  On part of the Cyberattacker, the thinking was that if they have money to pay up for the first time, why not hit them again, and demand more, and this time, make the attack much more nefarious in nature (such as making it an extortion based attack as well).  This is the conundrum that many businesses face.  Because of this, the Federal Government has even stepped up in this regard, by making it clear that by paying a ransom, not only is it wrong, but it can even be illegal as well, as you could even be helping to fund future illegal activities.  More information about this can be seen here:

My Thoughts On This

Well, there you have it, some of the points that you need to ponder about.  So what do I think?  In my view, I don’t think a payment should ever be made.  My reasoning for this is that with the advent of the Remote Workforce becoming more of a permanent proposition, many companies are now migrating their entire IT and Network Infrastructures into the Cloud, such as through the AWS or Azure. 

With this, you can not only back up your data in just a matter of minutes, but you can create the servers and the databases that you need to support them in just a matter of minutes.

So, suppose you were hit by a Ransomware attack.  Technically, all you would have to do is then delete those Virtual Machines (VMs) and Virtual Desktops (VDs) that were impacted, and create new ones again, and restore the data into them. 

Also keep in mind that many of these Cloud platforms already offer a very rich security tool set that you can use to protect your respective Infrastructures, so you can deploy them in just a matter of a few minutes.

Also, you can mirror your VMs and VDs at your primary datacenter location into other ones as well, so that you have extra layer of redundancy.  But make sure that you work with a good Cloud Solutions Provider to get all of these configurations set up for you.