Ransomware has been around for more than three decades, so it’s hardly an unexpected threat. And yet, organisations large and small are still being taken completely by surprise by the file-encrypting malware, leaving them to decide between rebuilding many of their computer systems from scratch to rid themselves of the ransomware or paying up to the crooks in the hope that they will hand over the encryption keys. So why aren’t we learning the lessons from all the companies that have already been hit by ransomware over the years? Here are a few reasons.
- Nobody thinks that they will be the next victim
This is one of the root problems; while many organisations are aware of the ransomware threat, they don’t think they’re going to be the next victim. Some firms think they are too small or obscure to be noticed by ransomware gangs. Others think they are too well protected to be at risk. Both can be wrong; some ransomware attacks start with a spray of malware-filled emails that could end up in pretty much anyone’s inbox; others start with randomly scanning for internet-facing ports. Either of these could put any organisation of any size at risk. And as for those big companies that think they are invulnerable? Well, there are plenty of examples of huge organisations being hit hard by ransomware gangs who have the money and the time to play a long game.
- Security basics are be ignored
Ransomware crooks are sometimes portrayed as master criminals and while they are undoubtedly sophisticated, most ransomware attacks are preventable by relatively straightforward steps. Keeping software patched and updated is one of the basics. Some of the ransomware that is causing the most problems relies on some pretty old software flaws in order to spread. Fixes for these flaws are readily available and yet too many companies aren’t applying them. Of course, software patching is boring, time consuming and costly work that brings little obvious benefit. But rebuilding all your customer databases after a ransomware attack is probably going to be a lot worse.
- Staff aren’t taking security seriously
Because some ransomware attacks still start with a bogus email, a wrong decision by an individual worker can put your whole organisation at risk. That means educating staff as to what phishing and ransomware looks like is extremely important. Also, it’s still too easy for a single mistake to cause chaos because once crooks have access to the network, too many times companies stick with default passwords across the network, or give too many staff too wide ranging access to systems which means that once their account it hacked the threat to the broader organisation is much greater. Remote working is not making this any better, of course.
- Catching ransomware gangs is far too hard
Most police forces struggle with such limited resources that investigating major crime is hard enough. Trying to investigate cyber crime – never a top priority – is even harder because few officers have the expertise to understand what crime is being committed, let alone understand how to chase the crooks involved. Even if the police do have the resources and the skills to pursue these gangs, there is also reality that many will be hard to trace. And even if police can identify the crooks, they often live in jurisdictions far away that are in little hurry to hand them over to stand trial, in some cases because the line between the ransomware gangs and the state itself are blurred.
- Too many businesses will pay the ransom
It’s hard to tell how many ransomware victims actually pay up, but some estimates put it as high as between a third and a half. And while police will urge victims not to pay up, it’s understandable that when faced with either paying or losing their entire business, some execs will grit their teeth and reach for the bitcoin. The bigger problem here is that not only does this reward the criminals, it also encourage more crooks to give ransomware scams a go. One ransomware group alone managed to generate around $60 million in an 18 month period.
More ransom payments means more ability to hire developers to make their ransomware more effective. More ransom payments means the crooks can spend the time and effort on bigger targets that might take longer and more resources to crack. More ransom payments means the whole cycle starts again – with the gangs stronger than ever.
ZDNET’S MONDAY MORNING OPENER
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.