Ransomware is malicious software designed to block access to files, folders, or an entire system. It typically encrypts the victim’s data, rendering it inaccessible, and then displays a message demanding payment, usually in cryptocurrency, in exchange for the decryption key needed to recover the data.
Ransomware reaches systems through phishing emails, software vulnerabilities, or downloads from malicious websites. All it takes is one wrong click, and ransomware can wreak havoc on individuals, businesses, and organizations of all sizes, disrupting operations, compromising sensitive data, and inflicting financial losses.
Sixty per cent of small to medium enterprises that experience a cyber attack and do not have cyber insurance will fail within six months.1
‘We don’t negotiate with terrorists’
Although widely attributed to U.S. President Richard Nixon, the principle of “We do not negotiate with terrorists” has been part of political rhetoric for decades. After a ransomware attack, most organizations face the decision of whether or not to pay the ransom. If you have cyber insurance, the final decision to pay rests with the insurer, although most insurers take the policyholder’s wishes into account.
Paying the ransom does not guarantee that an organization will regain access to its encrypted data. The decryption utilities supplied by attackers are often unreliable or simply do not work. Remember: these are criminals, and nothing obliges them to keep their end of the bargain after receiving payment. That applies not only to handing over a working decryption key but also to deleting any stolen data.
The rise of cryptocurrencies has made it easier for cybercriminals to collect payment and harder for law enforcement to recover it. Cryptocurrency payments are pseudonymous, can be moved across borders in minutes, and can be laundered through mixing services and lightly regulated exchanges before being converted to cash. Blockchain transactions are public and investigators do trace them, but attribution and recovery remain difficult.
In a report titled “Ransomware: The True Cost to Business,” nearly half of respondents (46 per cent) who paid their attackers regained access to their data only to find that some or all of it was corrupted. Just 51 per cent said they recovered all their data after paying, and three per cent said they got none of it back.2
Despite these statistics, negotiations with ransomware terrorists do occur. During a recent CDSPI webinar, Douglas Fast, Vice-President and Client Executive at BFL Canada, recounted a scenario involving a client dealing with a ransomware attack. Hackers demanded $400,000 for the release of data, which included sensitive client files.
“The Beazley breach response team wasted no time,” he said. “Within hours, a team of experts, including forensics specialists, legal advisors, privacy experts, and negotiators, was mobilized to manage the situation. Through strategic negotiations, they managed to significantly reduce the ransom to $185,000. Ultimately, the insurer covered the ransom amount, recovered the data, and effectively resolved the crisis.”3
Ransom demands vary widely depending on the attacker’s sophistication and their perception of how much their target can afford to pay — varying from thousands to tens of millions of dollars. However, Nicholas Hickey of Beazley Insurance cautions, “As a dentist and businessperson, you’re not expected to, nor should you, know the intricacies of negotiating with criminals. That’s why we have professional negotiators on staff as part of the Breach Response Team.”4
Ransomware demands on the rise
Ransomware attacks have surged by 25 per cent, and that number keeps rising, according to a recent report. The ransom itself is only part of the bill: by some estimates it accounts for as little as 15 per cent of the total cost of an attack. Downtime (an average of 22 days to fully resume operations)5 and the recovery of lost data frequently cost more than the ransom.
Beyond the immediate damage caused by a breach, the reputational damage can be catastrophic in terms of how customers perceive a brand’s commitment to data security. This loss of trust can lead to long-term reputational damage, loss of customers/patients, and potential legal and regulatory repercussions, all of which can far outweigh the initial cost of the ransom.
Strategies to prevent ransomware attacks
Ransomware is an evolving threat, and small businesses should take proactive measures to protect against financial loss.
“The fundamental operations of your practice are almost completely digital,” says Phil Fodchuk, National Leader, Cyber Security at MNP Digital. “Without a well-functioning computer system, you’d likely completely shut down.”
With this constantly evolving threat, Fodchuk urges clients to think about their practice’s cyber security needs the same way they think about recommending regular check-ups.
“It’s part of an overall approach to prevention that ensures measures can be taken as early as possible if needed to prevent negative outcomes,”6 he says.
The five-step process to protect your business:7
Take time to put a plan in place so you’re not left scrambling.
Is cyber insurance worth it?
Cyber insurance is a critical tool for protecting yourself and your practice from cybercrime, but it cannot be your whole strategy. Build strong defenses against attacks whether or not you are insured; a ransomware attack can happen at any time, to any organization. As soon as you discover that your systems have been compromised, contact your cyber insurance provider. A breach response team will be deployed to provide support and counsel and to help you resume business operations.
References
1 “60 percent of small companies close within six months of being hacked.” cybersecurityventures.com.
2 Freed, Anthony M. “Three reasons why you should never pay ransomware attackers.” cybereason.com.
3 CDSPI webinar, March 2024.
4 Ibid.
5 “The cost of ransomware: Why every business pays, one way or another.” March 2023.
6 Fodchuk, Phil. “How to effectively protect your practice from cyber security threats.” MNP Digital, December 2023.
7 “Cyber security basics for dentists.” Presentation by MNP Digital, February 2024.