10 Feb 2016

Why businesses are willing to pay hacker ransoms.

Not just because of bad back-ups.

A quarter of companies that had data exfiltrated by a hacker would pay some sort of ransom to stop the information being released publicly, according to research.

A survey by the Cloud Security Alliance that was sponsored by Skyhigh Networks found 24.6 percent of companies would be “willing to pay a ransom to prevent the release of sensitive information”.

In addition, 14 percent of respondents said they “would be willing to pay a ransom in excess of US$1 million ($1.4 million) to prevent the release of such information.”

The willingness to pay to prevent “a catastrophic release of stolen information” had much to do with whether the company had appropriate cyber insurance, according to the researchers.

They found 28.6 percent of insured companies would try to pay a ransom compared to 22.6 percent of those without insurance.

The survey appears to deal only with a situation where the hackers themselves have gleaned valuable data that they are threatening to release elsewhere.

There have been several recent examples of companies in this situation not giving in to hackers’ demands, including a bank in the UAE which saw its data publicly released after refusing to pay US$3 million in bitcoin.

Perhaps the more common situation is for firms – or at least, individuals working for those firms – to fall victim to ransomware scams.

Ransomware is malware that encrypts your data and locks your machine. It demands payment in exchange for regaining control.

The Australian Competition and Consumer Commission reported 2500 instances of ransomware in 2014, costing Australian individuals and businesses collectively over $1 million.

FBI Assistant Special Agent Joseph Bonavolonta made headlines late last year when he advised victims of ransomware “just to pay the ransom”.

The ransom costs typically ranged from US$200 ($281) to over US$10,000, and Bonavolonta said that people paying the ransoms kept the amounts low.

“While supporting this sort-of ransomware economy may seem backwards, attackers appear to maximise their profits through volume and most keep their word that you will ‘get your access back,’” Bonavolonta said.

NAB chief security officer David Powell advises businesses in particular to do regular back-ups to minimise the impact of having data locked by ransomware.

He also recommends keeping the backup offsite and off the network to prevent attackers from similarly locking it for ransom.

It’s not just hackers and ransomware that businesses need to watch for – sophisticated email scams are also used to milk money.

The ACCC’s ScamWatch last year issued warnings about an email scam involving apparent changes in payment arrangements from suppliers.

A French SME was very recently scammed using a similar method. It was only saved by its banks, which flagged and withheld most of the transfers.