Beware, More Ransomware is Coming

Criminals seem to take advantage of anything that will allow them to gain more money, power, or notoriety. It seems in the last year that ransomware has become more prevalent and widespread in all sorts of organizations, though a number of governments have had high profile attacks. They’ve often paid the ransom, with the help of insurers.

While that might seem like the most expedient way to get back to working, it can be a problem, as this article points out. It can often be more expensive, in time and currency, to combat an attack than to pay a deductible and have the insurer cover the rest. When insurers start to pay for the attacks, then it provides an incentive for more attacks, especially similar attacks at governments or other corporate divisions where the security (or lack thereof) might be similar.

This also can influence more organizations to purchase insurance, which might be part of the reason insurance companies are happy to pay out the policy. I expect that insurers can’t pay all policies, so I would hope they would start to require more proactive security measures and policies to prevent attacks against some companies. In fact, I hold out hope that insurance, not government, will drive more companies and organizations to implement better security practices.

The downside is that sometimes paying the ransom doesn’t get the keys to decrypt files. In fact, I suspect that it’s as likely that the criminals don’t have the key as they just make a mistake in their “customer service” effort to provide the key. All sorts of organizations have trouble providing the right keys at times to customers, so I’d expect this happens to criminals as well. I also wouldn’t be surprised if some criminals aim to exact a second ransom, perhaps devised to be just below the insurance policy limit, before providing a key.

The takeaway for most data professionals here is that we want to be very careful with our data, especially our backups. While others might lose their data to encryption, it behooves us to severely limit access to backup files to prevent a rogue account accessing them, and certainly we would want to air gap backups wherever possible. If we find out that systems are encrypted, at least we can recover our data on new hardware. If our application code is likewise held in another system, like GitHub or BitBucket, then we might even get back to work quicker, at least for our data-driven applications.

Security continues to be an increasing part of the data professional’s job. As a way to ensure your career continues to advance and grow, pay attention to how well you secure your organization’s data.

Steve Jones


About way0utwest

Editor, SQLServerCentral

1 Response to Beware, More Ransomware is Coming

  1. This sucks and capitulating to the demands of these hackers will only hurt all of us in the long run but corporations and especially governments don’t care about tomorrow, they have no problem kicking the can down the road for someone else to deal with once it comes back around. I will say that I think you’re wrong about the hackers not providing the key after being paid in order to get another payment. They know this works for them only when they do as they promise to do. They could try planting something to launch another attack later on but if they don’t provide access after being paid as they said they would then they risk future extortions, decrease the chance of getting paid because they’ve sent the signal that they may not keep their word. You can count on these hackers to deliver upon getting paid. The real concern is with what happens each time a company or government capitulates to the hackers’ demands.

    I can’t help but wonder if some of these attacks could have been prevented had the IT dept been given the proper funding/resources necessary.

