Photo of a cat with closed eyes rubbing its head against a wooden post. Here is how Anssi CEO Guillaume Poupart commented on social media about the announcement by insurers about the compensation structure for paying cyber ransoms. If we don’t know exactly what Anssi’s general manager had in mind, many computer security professionals were worried about a measure that could keep the vicious circle going.
Despite the warnings addressed to them, many victims actually pay ransoms demanded by ransomware gangs, malware that encrypts your data in order to extort money from you. They believe that this is the fastest way to restore their network. The pressure is all the greater as the cybercriminals also threaten to reveal the stolen data.
Too many ignored attacks
But paying the ransom means the cycle of attacks continues, with ransomware gangs using their ill-gotten gains to fund more ambitious attacks. So, should we be concerned that compensating for an insurance payment is beneficial to cybercriminals?
The answer is not so simple. First, as in all OECD countries, the recovery of the ransom in France was already possible. The current reform now regulates this payment. It really will depend on the filing of the complaint. However, this is not a joke. Because there are too many ransomware attacks, the most important cybersecurity issue we face today is simply ignored.
It is currently difficult to get an accurate idea of what is really going on. Even when companies admit they have been the victim of a cyberattack, they are very often unclear as to what happened and seem very reluctant to refer to the incident as a ransomware attack.
“Major cyber attack”, “causing cyber incident”, and “data encrypted by a third party”. These are just some of the statements made by victims of ransomware attacks to describe what happened, but without mentioning the term.
Some victims end up being more open about what happened, but only months or years after the incident. Others will never publicly admit that it was ransomware.
It is frustrating to not have a complete and clear picture of what is going on, although reading between the lines of the vague claims of a “complex cyber incident” that “broke services” makes it clear that this is a ransomware attack.
Nevertheless, an instructive
This lack of transparency is detrimental to everyone. Some victims are very quick to discover that it is ransomware. I have interviewed victims of attacks who, after the incident is over, are ready to go on record about what happened. It’s interesting to hear how CIOs and IT security managers talk about what happened.
What these communicative cybersecurity leaders have in common is that they want to prevent others from being the next victim. As such, their speech focuses on the lessons they have learned from strengthening cyber defenses to prevent future incidents.
This includes, for example, updating their systems, setting up multi-factor authentication, and making regular backups. All of these measures can help stop ransomware attacks. In this matter, it is best to act before an attack occurs.
Change of mind
Ransomware is not just a technological problem. Ultimately, these cyberattacks have global implications. However, we are often left in the dark about why the services we depend on don’t work. In some cases, it seems that the situation is already changing.
Recently, Los Angeles Unified (LAUSD), the second largest school district in the US, was attacked by ransomware. He immediately reported the incident to the authorities while keeping the public informed of the situation. Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), welcomed this approach. The latter praised efforts to ensure victim transparency.
Managing a ransomware attack is not an easy task. But how organizations talk about it is just as important as the technical answer. By detailing what happened and how the incident was resolved, they show that extortionist gangs can be countered. This may prevent new victims. In the fight against ransomware, everyone has an interest in making attacks more transparent.