To continue from my last post, who do cybercriminals generally attack with ransomware?
A lot of targets are people who don’t update their software or use outdated software, as well as large hospitals, specifically the business side of them that takes care of the administrative work. When hospitals are attacked, it usually has disastrous consequences that end up in shutting down for days at a time, an inability to take patients, using pen and paper to keep records, and of course, the loss of hundreds of thousands of dollars. This brings up the question of whether to pay the ransom or not, as it is usually the cheaper option to taking weeks to restore backup data or losing it all if you don’t have backups. Or what about merely decrypting the files yourself?
Let me give you some more background on how ransomware works. To decrypt your files, you need a private key, which is the secret to ransomware. Once your files are encrypted, your private key to those files is in the hands of the person who attacked you, and the idea is that you have to pay them to get that private key back. The good news is that if you have a perfectly functional backup system, then a ransomware attack is nothing more than a speed bump in your life. All you would have to do then is wipe your computer clean and reinstall your operating system along with the data from your backup storage devices.
The solution to this problem is simple, but some organizations still end up paying the ransom because they don’t have backups. Paying a $17,000 ransom is cheaper than losing millions of dollars in revenue and turning patients away. This can be seen as a simple business decision by some, deciding to do what would be cheaper overall, but I recommend that you never pay ransoms. To get the full story on why you shouldn’t pay ransoms, read the next post in this series, which will be posted within a week. Thanks for reading!