The State of Ransomware

DATA SECURITY PODCAST

In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine,  Robert E. Johnson III, Cimcor CEO/President, discusses the latest views on Ransomware in today's cybersecurity climate. The podcast can be listened to in its entirety below.

Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak. 

Q: So, Robert today I'd like to talk to you about the state of ransomware — a super hot topic. We're seeing it everywhere, but is this still a threat and are we making progress to alleviate the threat and the effects of ransomware? 

A: Wow — well, I haven't been on your show in a while and you just jump right into the hard questions. Straight to it!  Sadly, ransomware still is a real problem and currently is the dominant malware threat,  so it is safe to say I think that the stakes are actually getting even higher.

The average ransomware payment is up about 171% over 2020. Back in 2019 actually, we were about $115,000 for average ransomware payment and in 2020, it jumped up to about $317,000, on average. The stakes are definitely higher. Just a few months ago, the largest ransomware payment in history was made by an insurance company. It was $40 million. And that's the negotiated amount. The hackers actually want it 60 million and they were able to somehow negotiate it down to 40 million. So and to add insult to injury, you know just across the industry we're spending more on cybersecurity-related software and tools than ever before, but yet the bad guys are still winning.

Q: Right they certainly are, which is discouraging but I guess, we know in thinking about it, what does someone do if someone has ransomware in their system and I guess what are their options, so they don't feel discouraged?

A: Well, if your cyber defenses have failed and you're currently in a state that you are a victim of ransomware, then your options are kind of limited. You kind of asked me a question I only have bad news as the answer. So everything, in my opinion, boils down to three choices if you're in this in this boat. The first choice, you can restore from backup and that's probably the best option, but of course, that requires you to have up-to-date backups and beyond that, backups that actually work. So, we recommend a 3-2-1 method and that means to have three types of backups, three backups on two different types of media, with one of those backups stored off-site. So that's our preference. So that's your first option, and probably your most reliable option restore from that backup

Your second alternative - and this is kind of a hail Mary, but, in rare cases, there's a publicly available decryption key available and that decryption key can be used to unlock your files. Now, I hate to give false hope out there, but sometimes it's available and you can use it to decrypt your files.

But you cannot depend on that and that should not be part of your strategy, because many times, more times than not, the encryption key is unique to your particular installation.

Then the third alternative is you can pay the ransom. Now, that's the alternative of the last resort. The FBI does not recommend that you actually pay the ransom, and I feel the same way. I don't believe that you should pay it. In my opinion, this encourages these threat actors to target other companies; it helps capitalize their illicit activities and encourages others to participate in this ransomware and malware economy. So, unfortunately, nowadays, companies are starting to pay the ransom and pay it. at higher rates, than ever. Last year about 26% of companies actually paid the ransom, and this year we're looking at about 36% of companies are actually paying the ransom. So, companies are doing it more and more. But here's the disturbing stat that folks need to consider if you're going to pay the ransom. 92% of the companies that pay the ransom don't get all of their data back. 

Q: Wow, those are alarming statistics. In addition to other alarming statistics that you've shared so far with us, Robert and I guess it leads me to my last question, I think you just laid out some really great options for folks, but what can we, what can we be doing about this? Is there anything we can do about ransomware? Apart from of course not paying ransom to encourage them further, but it seems like that's not the trend.

A: Well, you know, I think that just having a robust backup strategy, a robust and tested backup strategy, you know that's number one, that's critical. But then other tips are, you know, ensure that you have multi-factor authentication, everywhere in your organization for all of those critical systems.

Make sure that your systems are patched and make sure that your security solutions are actually up to date. And then, there's something that's often overlooked, and that's ensuring that you have a system integrity tool in place. Something like our CimTrak Integrity Suite. Now, the CimTrak Integrity Suite is essentially a next-generation file integrity monitoring tool that can detect changes to servers and network devices in real-time. I mean, this helps you identify ransomware and other threats just moments after they actually attack your system. So, a true system and system integrity insurance tool, such as CimTrak, provides you with the ability to roll back the system to a previous state of integrity. You know, getting to that point before the ransomware attack. To help you quickly recover and get systems running again.

You know, Hillary I think that that one additional step, adding that layer of system integrity insurance can help identify and stop many of these ransomware attacks and malware-related threats. It can just stop them just dead in their tracks.

Q: Well that's certainly reassuring to hear. So I'm glad that we're able to end the episode together on a high note for sure, Robert Well as always, thank you for coming on, and thank you for sharing your expertise with us and I'm looking forward to next time.