Ransomware

From the desk of

Trey Stokes

In 2024, every business understands that cybersecurity is a major risk. C-suite executives know that the threat is real, but are all threats created equal? Absolutely not. I wanted to dive into one of the most impactful high-risk threats that can wipe out an unprepared business. I’m talking about ransomware. Just like you would not want a friend or a loved one to be taken hostage for ransom, you would not want your business to be held at gunpoint, and that is what criminals do when they encrypt your files and stop your operations. Let’s take a look at what exactly ransomware is and its impacts.

Webster’s Definition of ransomware:

noun
ran·​som·​ware ˈran(t)-səm-ˌwer 
: malware that requires the victim to pay a ransom to access encrypted files

In September of 2013, security for small accounting offices changed forever with the appearance of a new class of threats called ransomware. … you open a file attached to an innocent-looking e-mail, and the program encrypts key files and drives so they cannot be accessed. The files are locked until you pay a ransom.—Dave Mcclure

With ransomware, a hacker slips into a system, then puts encryption controls in place that locks users out. The hackers then demand money to “unlock” the data.—Elizabeth Millard

Today’s ransomware scammers often demand payment in bitcoin because the digital currency is easy to use, fast and provides a heightened anonymity for the scammers, according to the FBI warning.—Susan Tompor

Now that we have a basic definition of ransomware, let’s talk about who is behind propagating these attacks. For the most part, ransomware is a business. It can be a business of espionage by large nation states like Russia, North Korea, Iran, or the U.S. (that’s right, folks, we do it too). These sophisticated operations are often designed to progress a nation state’s foreign political agenda, such as to influence the outcome of elections or negatively impact the way of life of an adversary’s population. Attacks that are not executed by nation states are often perpetrated by for-profit criminal organizations. Think of the cyber mafia. Interestingly, cyber attacks carried out by criminal organizations can also be sponsored by larger actors, such as nation states or political hegemons. Case in point: Colonial Pipeline’s ransomware attack. A Russian-backed ransomware gang, DarkSide, targeted Colonial because it carried 45% of the East Coast’s fuel supplies. DarkSide was able to shut down 5,500 miles of pipeline, which transports 2.5M barrels of refined gas and diesel daily. The attackers elicited a $4.4M ransom in Bitcoin, $2.3M of which was later recovered by the DOJ. A win for the home team! Bottom line, the goal of this attack was to disrupt the American way of life. The Colonial Pipeline ransomware attack is just one of many. Often, ransomware groups are identified by the strains of malware they use or by their attack methods. Some popular ransomware groups include LockBit, CLOP, BlackCat/ALPHV, and Royal. Now that we have talked about what ransomware is and who the major players are, let’s talk about the impacts.

As a risk management expert, when you assess a risk, you first want to consider the probability of the risk occurring. According to a report by CNBC, a recent report by the cybersecurity company Sophos found that 66% of businesses fell victim to ransomware in 2023. I would consider 66% probable. The estimated global cost of ransomware is rapidly growing and is predicted to exceed $256B in just a few years. Okay, move that to very probable. So, if your company is hit with this, what will the impact be?

  1. Financial – The average ransomware payment for a small and medium-sized business (SMB) is estimated to be between $200K and $2.3M. There are also additional costs associated with business interruption or potential legal penalties that are not reflected in the ransomware payment.
  2. Reputational – It takes years to build a business and only a second to destroy it. If your business is mentioned in a local or national paper as a ransomware headline, that is not going to be a good look. Your current employees may feel that they have been betrayed and their information was not properly guarded; ditto for your clients. Ransomware can also affect potential new hires and clients – it’s probably easier to go down the street to a company with a clean slate.
  3. Psychological – Many security professionals report psychological distress or feelings of depression after a cyber-attack. Ransomware can be particularly difficult to deal with as you are negotiating with criminals. Let’s just say that in some of the negotiations I have personally seen when assisting clients, ransomware groups don’t tend to use positive language and motivation in their communications.
  4. Societal – See the cost of the Colonial Pipeline attack above. This was a national security risk. This attack occurred in 2021; think about the implications of a similar attack in 2024 with two active wars and a U.S. Presidential election. That really ups the instability ante. Top-down, Congress needs to step in and provide more cyber resources to protect our critical infrastructure. Average small businesses are attacked each day, and that puts an unnecessary drag on our economy and supply chain. Many of these businesses want to spend more on cyber but they don’t have the resources. Congress should also consider creating a tax stimulus to help small businesses invest in cyber protections. We need more support for STEM education initiatives to get intelligent young people interested in cyber careers to fill the growing cyber skills gap.

Bottom line, we need to put the full court press on cyber defense and stopping the spread of ransomware. As citizens and taxpayers, we are footing the bill for these costs one way or another. In my next few articles, we will look at how you can prevent, detect, respond to, and recover from ransomware. We will explore how the good and the bad guys are taking advantage of technological innovations, such as AI and Machine Learning. Please send questions or comments that you would like me to explore in this series to [email protected]. I’ll do my best to address them and to bring some practical solutions to this ever-growing problem. Until then, stay safe and think twice before you click.

-Trey Stokes