Ransomware has exploded in the last few years, because it has become a very lucrative business for criminals. The premise is as follows: you break into a company's IT system, steal or lock sensitive data on that system, and then contact the company with a ransom demand to unlock the files or to keep them from being made public.
A few well-documented cases are when CD Projekt Red's source code for its most popular games was made public, when TSMC had to shut down its facilities in August 2018, and when the Colonial Pipeline in the U.S. was taken down.
The dilemma companies face when targeted by a ransomware attack is whether to pay or to ignore the demand. A company suffers reputation damage once it becomes public that it is being blackmailed, so companies are inclined to pay the criminals before the criminals announce that they have access to the company's files. In the end, however, a ransomware attack will nearly always reach the news: the criminals demand huge amounts of money that would surely show up in the annual reports. For example, Colonial Pipeline paid $4.4 million to the hackers in May of this year. Large multinationals will have no financial difficulty paying such amounts.
Would there still be a reason for them not to pay? Definitely! First of all, the criminals could still make your data public, even after you have paid. Secondly, it is about setting a precedent, both for your own company and for companies in general. It has been proven that companies that pay out on ransomware attacks have an 80% chance of suffering another attack. In addition, if no company paid the hackers, there would be no incentive for ransomware attacks to happen at all. For that reason, the U.S. Department of the Treasury has issued a statement that makes many forms of paying ransom to criminals illegal, and the department is also cracking down on cryptocurrency exchanges that facilitate ransomware payments.
It will be interesting to see whether the whole business world can come to an agreement that no one pays ransom to criminals, and in that way reduce the number of ransomware attacks.
Links:
https://arstechnica.com/gadgets/2021/06/cd-projekt-red-says-its-data-is-likely-circulating-online-after-ransom-attack/
https://thehackernews.com/2018/08/tsmc-wannacry-ransomware-attack.html
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
https://www.welivesecurity.com/2021/07/08/ransomware-pay-not-pay-legal-illegal-these-are-questions/
https://home.treasury.gov/news/press-releases/jy0364