A new study has identified the most profitable malware, showing just how much unprepared businesses have paid.
An article review.
Despite pleas from experts and authorities not to pay, it appears that a significant number of organizations ultimately do pay the criminal groups holding their data hostage. Many people have assumed as much, but the MIT Technology Review recently covered research that appears to confirm it: the bitcoin transactions traced to known ransomware families easily total in the millions of dollars.
While the article focuses mainly on the financial cost of malware and some of the effort that goes into tracking down its sources, our friend Joe Cychosz suggested a different angle when he shared the piece with us: The only reason to pay the ransom is because you failed.
In many cases it is not a single failure but a series of them. Take this hypothetical scenario, for example:
- An employee who never received adequate awareness training opens an attachment or follows a suspicious link.
- The employee's access levels were never subjected to a regular review, so no one noticed they had far more access than their job required.
- The organization had nightly backups, but they sat on servers that were not segregated in any way from the primary network, so anything that could encrypt the production systems could reach the backups too.
- The less-frequent offline backups had not been verified in a long time, and no one noticed that the tapes were unreadable.
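The last point is the one most easily turned into a routine check. Below is an added example (not code from the original article, and not something its author or the MIT Technology Review describe): a small Python routine that records a SHA-256 digest of every file in a backup set into a `MANIFEST.json` (the file name and layout are assumptions made for this example) and later verifies the set against it, reporting corrupt files, missing files, and a manifest older than an acceptable age. A checksum pass catches unreadable or bit-rotted media; it does not prove the data restores cleanly, so it complements, rather than replaces, a periodic test restore.

```python
"""Backup-set integrity check: write a digest manifest, then verify against it.

Added example for this article review; MANIFEST.json and the sample file
names are assumptions, not anything from the original piece.
"""
import hashlib
import json
import os
import tempfile
import time

MANIFEST_NAME = "MANIFEST.json"  # assumed name for the per-backup manifest


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def write_manifest(backup_dir):
    """Record digest and size of every file under backup_dir (except the manifest itself)."""
    entries = {}
    for root, _, files in os.walk(backup_dir):
        for name in files:
            if name == MANIFEST_NAME:
                continue
            path = os.path.join(root, name)
            rel = os.path.relpath(path, backup_dir)
            entries[rel] = {"sha256": sha256_of(path), "size": os.path.getsize(path)}
    manifest = {"created": time.time(), "files": entries}
    with open(os.path.join(backup_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f)
    return manifest


def verify_backup(backup_dir, max_age_days=7, now=None):
    """Compare the backup set to its manifest.

    Returns a report with lists of ok/corrupt/missing files, a 'stale' flag
    (manifest older than max_age_days) and an overall 'passed' verdict.
    """
    with open(os.path.join(backup_dir, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    now = time.time() if now is None else now
    report = {"ok": [], "corrupt": [], "missing": [],
              "stale": now - manifest["created"] > max_age_days * 86400}
    for rel, meta in manifest["files"].items():
        path = os.path.join(backup_dir, rel)
        if not os.path.exists(path):
            report["missing"].append(rel)
        elif sha256_of(path) != meta["sha256"]:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    report["passed"] = not (report["corrupt"] or report["missing"] or report["stale"])
    return report


def demo():
    """Constructed backup set: verify it clean, then damage it and verify again.

    Returns (clean_report, damaged_report, stale_report).
    """
    backup_dir = tempfile.mkdtemp(prefix="backup-")
    sample = {"db.sql": b"CREATE TABLE accounts (id INT);",
              "config.yml": b"retention_days: 30\n",
              "users.csv": b"id,name\n1,alice\n"}
    for name, data in sample.items():
        with open(os.path.join(backup_dir, name), "wb") as f:
            f.write(data)
    write_manifest(backup_dir)
    clean = verify_backup(backup_dir)

    # Simulate a bad tape: one file silently bit-rotted, one file gone.
    with open(os.path.join(backup_dir, "db.sql"), "r+b") as f:
        f.seek(3)
        f.write(b"\x00")
    os.remove(os.path.join(backup_dir, "users.csv"))
    damaged = verify_backup(backup_dir)

    # Same damaged set, checked as if 30 days had passed since the manifest was written.
    stale = verify_backup(backup_dir, max_age_days=7, now=time.time() + 30 * 86400)
    return clean, damaged, stale


if __name__ == "__main__":
    for label, report in zip(("clean", "damaged", "stale"), demo()):
        print(label, "PASS" if report["passed"] else "FAIL", report)
```

The manifest should be kept somewhere the backup host cannot modify it (offline, or on write-once storage), otherwise an intruder who corrupts the backups can simply regenerate it. Running `verify_backup` on a schedule and alerting on any `FAIL` is the point: a backup nobody has checked is, for planning purposes, a backup that does not exist.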
The proper policies and procedures could have contained this crisis at several points before paying a ransom became the only option. Worse, for this hypothetical company even a fire or flood would have wiped out their data, and without the option of buying it back. There will always be new and unexpected threats, but having a solid set of basic policies and procedures, and actually enforcing them, is what stops one failure from turning into a disaster.
Original article by the MIT Technology Review.