2016 was a big year for ransomware. It saw a massive increase in ransomware events and payouts to criminals, which, most experts say, only exacerbates the issue.
A 2015 report by the Herjavec Group (an Information Security company) noted that the total cost of ransomware reached $1 billion in 2016. With new “strains” of ransomware spreading worldwide (such as the Russian “spora”), we should all be on high alert for this business-impacting cyber threat.
There are two primary methods to dealing with a ransomware infection:
- Rebuild your computer or network from scratch/uninfected backups, or
- Pay the criminals for the decryption key
Cyber criminals know that most organizations can’t suffer the interruption to their business or devote the resources necessary to recover the network from backups. So they’ve employed a new attack method that’s simple and preys upon the fear of dealing with a ransomware event: the “bluff.”
Mimicking an actual ransomware infection, criminals are tricking users into thinking their machines are compromised by launching an intimidating, full-screen display on the user’s computer. The cryptic message that appears declares that if any attempt is made to bypass the screen (rebooting, disconnecting from the Internet, etc.) then all files will be deleted.
The idea is that people will quickly pay up --- and that’s exactly what’s happening. This new type of ransomware attack has recently plagued businesses in the UK where as many as two in five large businesses have fallen victim to a “bluff” ransomware attack.
Of those businesses who were affected, almost two-thirds actually ended up paying a ransom to the perpetrators; each time putting an average of almost $17,000 into the pockets of the nefarious actors carrying out these schemes. Five percent of those businesses paid a ransom of more than $30,000!
How to avoid a ransomware bluff attack:
Spotting these bluff attacks will difficult for most, so it’s best to have an IT forensic or security expert on call. Perhaps the most critical components of dealing with ransomware are having both a well thought out and documented incident response plan and disaster recovery plan. With these risk mitigation strategies in place, your organization can respond quickly and efficiently and avoid paying a costly ransom fee.
Having a cyber liability insurance policy that contains first party coverage for IT forensics, digital data restoration expenses, cyber extortion expenses, and breached party notification costs is critical in any cyber risk related event.