{"id":890,"date":"2022-01-05T13:14:00","date_gmt":"2022-01-05T13:14:00","guid":{"rendered":"https:\/\/dev.cryptoloc.au\/?p=890"},"modified":"2023-10-03T06:16:10","modified_gmt":"2023-10-03T06:16:10","slug":"the-cost-of-ransomware-should-you-pay-the-ransom","status":"publish","type":"post","link":"https:\/\/127.0.0.1\/the-cost-of-ransomware-should-you-pay-the-ransom\/","title":{"rendered":"The cost of ransomware: Should you pay the ransom?"},"content":{"rendered":"\n

By Jamie Wilson, Founder and Managing Director of Cryptoloc<\/em><\/p>\n\n\n\n

It might be the most difficult decision you ever have to make. With the future of your business and the private details of your customers, clients and employees on the line, whether or not to pay the ransom demanded by a cybercriminal can seem like an impossible choice \u2013 but here are the things you need to consider. <\/p>\n\n\n\n

Ransomware has grown rapidly in both profile and impact over the last couple of years. Traditionally, ransomware attacks have consisted of criminals gaining access to your files and encrypting them, or restricting operations, and demanding a ransom for their return. <\/p>\n\n\n\n

But the craft of ransomware has evolved recently, with the emergence of double extortion, in which the criminal threatens to leak your stolen files, and even triple extortion, in which your clients or suppliers are also hit with ransom demands. <\/p>\n\n\n\n

The Australian Cyber Security Centre recorded a 15 per cent increase in ransomware<\/a> over the 2020-21 financial year, while the Director-General of the Australian Signals Directorate recently told the Parliamentary Joint Committee on Intelligence and Security there had been a 60 per cent increase in ransomware attacks<\/a> on Australian businesses over a 12-month period. <\/p>\n\n\n\n

There is seemingly no sector that ransomware won\u2019t touch. Private companies of all sizes have been targeted, but so have schools, scientific and technical organisations, social services, and even hospitals. <\/p>\n\n\n\n

Earlier this year, Eastern Health \u2013 the operator of four hospitals in Melbourne\u2019s east \u2013 was hit by a cyber attack that forced it to postpone certain surgeries, with ransomware the likely cause of the disruption<\/a>. In the United States, ransomware has recently been alleged as the cause of death<\/a> for a baby born at a hospital where hackers had shut down crucial systems in an extortion attempt. <\/p>\n\n\n\n

Ransomware is serious business \u2013 and for those on the receiving end, it can put them in a seemingly impossible situation. <\/p>\n\n\n\n

Is paying the ransom illegal? <\/h3>\n\n\n\n

In Australia, at the time of writing, there are no laws that explicitly<\/em> prohibit the payment of a ransomware demand. <\/p>\n\n\n\n

There are, however, laws that anyone considering paying a ransom should take into account. <\/p>\n\n\n\n

Division 400 of the Criminal Code Act 1995 (Cth), which deals with money laundering, makes it an offence to deal with money or property where there\u2019s a risk that it will become an instrument of crime, and you are reckless or negligent as to whether it will be used as an instrument of crime. <\/p>\n\n\n\n

Obviously, a hacker demanding ransom has already committed at least one crime, and it\u2019s entirely possible they\u2019ll use the ransom money to carry out further ransomware attacks \u2013 meaning there\u2019s a risk the money will become an instrument of crime (even if, ultimately, the hacker ends up using the money for some non-criminal purpose). <\/p>\n\n\n\n

Duress is a possible defence here, if you can demonstrate that you believed the hacker\u2019s threat would be carried out unless you paid the ransom; that there was no reasonable way the threat could have been rendered ineffective; and that the payment of the ransom was a reasonable response to the threat. <\/p>\n\n\n\n

It\u2019s also illegal to intentionally make funds available to a terrorist organisation, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) \u2013 so if the cyber cartel<\/a> that\u2019s demanding the ransom payment is classified as a terrorist organisation, this would be illegal. (Of course, you may not know the identity or status of the organisation making the demand, but the law still applies if you are reckless as to whether or not it\u2019s a terrorist organisation.) <\/p>\n\n\n\n

It\u2019s also worth noting that Labor has proposed a Ransomware Payments Bill which would require ransomware attack victims to contact the ACSC prior to making a ransom payment and disclose the amount being demanded and the details of the cryptocurrency wallet provided for the payment. The goal of the Bill, which has yet to pass, is to give the ACSC a chance to offer victims alternative options they might not have considered, and to provide intelligence that could help law enforcement agencies target the criminals making the demands. <\/p>\n\n\n\n

Australian entities with an annual turnover of more than $3 million are currently required to report to the Office of the Australian Information Commissioner (OAIC), within 72 hours, all data breaches that could result in harm. \u2018Harm\u2019 is subjective here \u2013 in theory, virtually any data breach has the potential to cause some degree of harm to someone \u2013 which is why it\u2019s considered best practice to report any data breach to both the OAIC and the ACSC. <\/p>\n\n\n\n

Going forward, I expect all of the countries in the Five Eyes alliance \u2013 Australia, the US, the UK, Canada and New Zealand \u2013 to eventually pass legislation that does<\/em> explicitly prohibit the payment of ransomware demands, even though this will put companies that are unable to recover without access to their data in an extremely challenging position. <\/p>\n\n\n\n

For instance, if a company feels they truly have no choice but to pay the ransom, they could then find themselves at risk of further extortion if the attacker threatens to reveal the illegal payment \u2013 creating a virtual M\u00f6bius strip of ransom payments. <\/p>\n\n\n\n

Should you pay the ransom? <\/h3>\n\n\n\n

The ACSC recommends that victims of ransomware do not pay the ransom<\/a>. Their reasoning is that paying the ransom effectively funds criminal groups, and demonstrates a willingness to give in to criminal demands, which can incentivise these groups to continue deploying ransomware attacks. <\/p>\n\n\n\n

The ACSC also notes there\u2019s no guarantee you\u2019ll actually regain access to your systems and your data after paying the ransom. (The files may not be recoverable at all, if the attackers used \u2018wiper\u2019 malware, which sometimes masquerades as ransomware.) There\u2019s also no guarantee the group won\u2019t just turn right around and hit you with another ransomware attack \u2013 they could even provide you with a payment link that installs more malware onto your system. <\/p>\n\n\n\n

In the United States, the FBI recommends against paying ransoms<\/a> for essentially the same reasons. <\/p>\n\n\n\n

Despite this, roughly one third<\/a> of Australian businesses that are hit with a ransomware attack choose to pay the ransom \u2013 for an average amount of roughly $1.25 million, according to a survey conducted by CrowdStrike in 2020. (Exact figures are hard to come by, since most victims of ransomware don\u2019t willingly disclose that fact.)<\/p>\n\n\n\n

It\u2019s not hard to see why they decide to give in. I\u2019ve seen businesses brought to their knees by ransomware \u2013 especially small and medium-sized enterprises that don\u2019t have backups in place, and simply don\u2019t have the resources to get back on their feet and rebuild if they aren\u2019t able to recover their data. <\/p>\n\n\n\n

It\u2019s not just smaller companies that feel the heat, either. JBS Foods, the world\u2019s largest meat supplier, recently paid a $US11 million ransom<\/a>. <\/p>\n\n\n\n

Earlier this year, the United States experienced fuel shortages after Colonial Pipeline, an oil pipeline system that carries gasoline and jet fuel, was hit with a ransomware attack that forced it to shut down its pipelines for days. With the assistance of the FBI, Colonial paid a $US4.4 million ransom<\/a> to restore their network. <\/p>\n\n\n\n

Colonial Pipeline CEO Joseph Blount said that Colonial could have restored from backups, but opted to pay the ransom<\/a> because of the critical nature of the pipelines and the uncertainty over how badly their systems had been breached and how long it would take to recover them. <\/p>\n\n\n\n

A majority of respondents (62 per cent) to CNBC\u2019s Global CFO Council<\/a> survey for Q2 2021 said that Colonial had \u201cno choice but to pay the ransom\u201d, although only five per cent said it was the \u201cright\u201d choice. <\/p>\n\n\n\n

(The Department of Justice was eventually able to recover the Bitcoins from the ransom payment by acquiring the private key of the ransom account, but these were worth only $US2.3 million because of a drop in Bitcoin value since the payment.)<\/p>\n\n\n\n

No matter the size of your organisation, it\u2019s clear that the ideal solution is to prevent an attack in the first place. Ensure your operating systems, software and applications are up to date; set your anti-virus and anti-malware solutions to automatically update and scan; turn on multi-factor authentication; and most importantly, train each of your employees not to visit unsafe or suspicious websites, open emails or files from unknown sources, or click on suspicious links in emails or on social media. <\/p>\n\n\n\n

Even if you do all of that, you could still fall victim to an attack \u2013 but you should be able to recover with minimal downtime, and without paying the ransom, as long as you\u2019ve got a solid backup infrastructure in place. Back up your data regularly, and ensure your backups are stored securely, and aren\u2019t connected to the computers and networks they\u2019re backing up. <\/p>\n\n\n\n

You should also report the breach to the ACSC hotline on 1300 292 371, or via ReportCyber<\/a>, the ACSC\u2019s online portal for reporting cybercrime incidents. <\/p>\n\n\n\n

In today\u2019s landscape, a ransomware attack is increasingly inevitable \u2013 but if you put effective cybersecurity practices in place and back up your data, you may never have to make that impossible choice. <\/p>\n\n\n\n

With Cryptoloc\u2019s patented three-key encryption technology, nobody can ever access your data without your permission. Learn more about how you can safely store, share, sync and secure your files with Cryptoloc <\/em>here<\/em><\/a>.  <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

By Jamie Wilson, Founder and Managing Director of Cryptoloc It might be the most difficult decision you ever have to make. With the future of your business and the private details of your customers, clients and employees on the line, whether or not to pay the ransom demanded by a cybercriminal can seem like an […]<\/p>\n","protected":false},"author":3,"featured_media":1124,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/890"}],"collection":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=890"}],"version-history":[{"count":2,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/890\/revisions"}],"predecessor-version":[{"id":1135,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/890\/revisions\/1135"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/1124"}],"wp:attachment":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}