Is Paying the Ransom Always a Non-Starter?
July 19, 2019 in Afinety Cloud Platform, Security
By: Lorita Ba
What Should Law Firms Do When Faced With Ransomware
Ransomware attacks are increasingly common, with some estimates suggesting that they’ve risen in frequency by nearly 500% from 12 months ago, according to Forrester Research. If your law firm IT were to be affected by such a cyber incident, would you pay the ransom?
Entertaining such a question seems to not only go against conventional wisdom but what IT security experts have long cautioned – that you can’t negotiate with the unscrupulous. Further, capitulating to hackers’ demands in no way guarantees that they’ll wind up surrendering the information stolen or encrypted.
However, given the sensitivity of the data involved, some IT authorities say it’s not so nonsensical a notion after all, as its in bad actors’ best interests to deliver on their promises when those they prey upon pay up.
Florida City Opts To Pay $600k To Retrieve Data
From small-business owners to international conglomerates, companies of all sizes have ultimately decided to cut their losses and pay the amount that perpetrators insist on. Even municipalities are acquiescing, the latest example being Riviera Beach, Florida. Located north of West Palm Beach, the city and its 35,000 residents have been unable to use public service utilities over the last three weeks because attackers hacked into the city’s network servers, disabling phone lines, emails and payment processing, The New York Times reported. Unable to retrieve the hijacked data, local lawmakers voted unanimously to pay the $600,000 ransom, which officials are hopeful will put computer servers back online as happened for a Georgia county that paid $400,000 when it was victimized in March, according to The Wall Street Journal.
Riviera Beach spokeswoman Rose Anne Brown told the Times that it’s coordinating with law enforcement and informed them of its decision prior to wiring the money.
“We are well on our way to restoring the city system,” Brown explained.
“170 government entities have experienced ransomware infections since 2013.”
In addition to Baltimore, which is steadfast in its decision to not paying the ransom, Riviera Beach is only the latest municipality hit by such a cyberattack. Based on data obtained by CNN, no fewer than 170 government entities – meaning cities, counties or state – have fallen prey to ransomware infections in the last six years. Forty-five of these were sheriff’s or police departments. This may be particularly worrisome for law firms, given they’re often in regular communication with law enforcement regarding pending cases, which entails the sharing of data.
“We were crippled, essentially, for a whole day,” Albany Police Department patrolman Gregory McGee told CNN. “All of our incident reports, all of our crime reports, that’s all digitized.”
Acceding To Ransomware May Be Best Of Bad Options
IT teams were able to resolve the issue in New York’s capital city within 48 hours and did so without giving in to the offenders’ demands. However, given the stakes involved, many believe that paying should not be summarily dismissed as a non-starter.
“There’s a tendency to answer the question by sloganeering: Never negotiate with terrorists,” wrote Stephen Carter, law professor at Yale University, in an opinion piece for Bloomberg. “Otherwise, so the reasoning goes, you will get more terror attacks. But while this argument makes sense for those who are likely to suffer repeated attacks, it’s not clear that those less likely to be regular targets should reason the same way.”
Josh Zelonis, a senior analyst at Forrester Research, feels similarly, noting that cities who hold the line may suffer from diminishing returns as Baltimore is learning first hand. The financial fallout from the attack is believed to be in excess of $18 million and counting. In other words, the ransom demanded may be a pittance compared to the alternative.
“Many organizations significantly underestimate the scale of disruption they need to plan for or make too many assumptions about what functionality will continue to exist after an attack,” Zelonis warned.
He added that while paying the ransom may indeed be inadvisable, it should at the same time not necessarily be completely out of the question, but explored “in parallel with other recovery efforts to ensure you’re making the best decision for your organization.”
Of course, the best solution is to avoid becoming a ransomware victim altogether. This is possible by remaining vigilant. Perhaps above all else this also means leveraging a multilayered approach to data security, including multifactor authentication, software patches, updates and a good disaster recovery plan. Look to a reliable cloud solution, like the Afinety Cloud Platform, which runs on the largest and safest cloud provider in the world, Amazon Web Services to reduce your risk of outside threats in today’s world.