A better plan for dealing with ransomware attacks
Carl Mazzanti//October 7, 2024//
PHOTO: DEPOSIT PHOTOS
PHOTO: DEPOSIT PHOTOS
A better plan for dealing with ransomware attacks
Carl Mazzanti//October 7, 2024//
Recently, I was at an event and an official from a municipality in New Jersey approached me. The person – who is not a client – told me they had suffered a cyber attack that crippled their network and had just authorized a $500,000 ransomware payment to get the hacker to release their systems. I wish they had spoken with me first.
These kind of payments are, unfortunately, increasingly common. A hacker sneaks by the digital defenses of a municipality, company or other organization, and locks up their system, threatens to release confidential information, or lifts personally identifiable and other information to target other people with all sorts of scams.
In early 2022, for example, a city in Florida was crippled when a ransomware attack took down its computer systems. In August 2022 a local sheriff’s system was targeted, impairing the office’s ability to process criminal arrests. One study found that nearly half of all ransomware attacks are directed against cities.
Municipalities are often encouraged – by their insurers – to pay the ransomware. That is likely because they either expect to get reimbursed by their own reinsurer, or because the carrier will make it back through higher premiums.
Another possibility is that law enforcement may be able to track down the bad actors and return a good chunk of the cash. That is what happened in the case of Colonial Pipeline — which paid about $4.4 million in May 2021 after its oil and gas pipelines across the eastern U.S were crippled by ransomware. About a month later, the U.S. Department of Justice announced it managed to recover about $2.3 million of the ransom payment.
It is good that insurers can spread the risk through reinsurance, and I am happy for Colonial Pipeline. But any time a municipality or other organization pays off a ransom demand, they make a big mistake. It is sort of like saying: “My roof leaks every time it rains, but instead of fixing it, I will put a bucket underneath the drip.” They are addressing the symptom, instead of the cause.
And just as a leaky roof will only get worse over time, paying a ransom to a cyber attacker just guarantees that you are a good customer — hackers know you are an easy source of revenue, and they will keep coming back. One report found that 36% of organizations that made one ransom payment were hit again, while 41% who paid failed to recover all of their data.
We see this all the time when victimized organizations reach out to us for the first time (after the fact, unfortunately) and ask us to help them clean up their operations.
We get them back up and running, but we also always advise them to a) not pay the ransom in the future and b) make an investment in their own cyber infrastructure, which will reduce their risk of being penetrated.
It is a matter of setting up layered defenses – encompassing human and technological elements – that together can keep out bad actors. With this strategy, even if they manage to breach one portion of your cyber defenses, other layers will still stand and block them.
The configuration of training and technology will be customized for each organization, but these layers typically include:
Municipalities and other organizations routinely collect a great deal of sensitive information, which makes you a rich target for cyber criminals. Attacks against municipalities and other organizations are rising and are also getting more sophisticated. But when you refuse to pay a ransom, and work with an experienced cybersecurity partner, your network and data will be safer, and your bank account will stay healthier.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken, providing IT consulting and cybersecurity services for businesses ranging from home offices to multinational corporations.