GovernWith Blog

Cyber Attacks - Paying Criminals

Written by GovernWith | Oct 10, 2023 11:25:04 PM

Navigating Ransomware Payments: Guiding Boards in Cyber Crisis

Understanding the Urgency:

In the dynamic realm of cybersecurity, organisations confront intricate challenges that demand quick decisions. Ransomware attacks, a looming threat, thrust boards into complex choices amidst cyber extortion. This article delves into the intricacies of ransomware payments, guiding boards through the maze of considerations when facing this critical juncture.

Cyber Attacks Paying Criminals Snippet

 

Weighing the Decision to Pay:

As cyber threats evolve, organisations often find themselves at crossroads triggered by a ransomware assault. Governance expert Wes Ward underscores the seriousness of these situations, characterising them as organised crime with specialised cyber segments. Boards must grasp the urgency, realising that business continuity, reputation, and stakeholder trust hang in the balance.

Navigating Sanctions and Cyber Insurance:

Initiating payment isn't a straightforward money transfer. David Rudduck, an incident response authority, emphasises the significance of avoiding inadvertent payments to sanctioned entities. This is where the intervention of ransomware negotiation experts becomes pivotal. While cyber insurance may defray the cost, organisations often need to fund the ransom upfront. The process typically involves transferring funds to negotiation experts who then convert them into the preferred currency of cybercriminals, Bitcoin.

The Intricacies of Payment:

Once the payment journey starts, a complex waiting game unfolds. Transferring funds via Bitcoin involves a time-consuming procedure due to blockchain intricacies. Threat actors wait for the blockchain to update before confirming the transfer. This strategic move prevents retraction after confirmation. Subsequently, the decryption phase commences.

Decryptor Delays and System Recovery:

Obtaining the decryptor doesn't guarantee a seamless return to normalcy. Delays in decryptor reception, incorrect or sluggish decryptor functionality, and system corruption can complicate the restoration process. Boards must be prepared for potential hiccups in systems' restoration. Repairs, reloads, and potential data loss due to encryption-related corruption might be necessary.

Broader Implications and Board Vigilance:

Choosing to pay a ransom isn't an isolated event; it has far-reaching ramifications. The intricate process, uncertainties, and potential setbacks underscore the need for proactive board engagement in cybersecurity matters. These incidents spotlight the significance of robust incident response strategies, risk assessment, and proactive measures.

Conclusion:

The evolving cyber threat landscape demands an encompassing grasp of ransomware attacks and the intricate decisions they trigger. Boards must internalise the urgency, legal nuances, and technical intricacies tied to ransom payments. By recognising the complexities involved and the possible aftermath, boards can better equip themselves for worst-case scenarios, diligently striving to prevent and mitigate the aftermath of ransomware attacks on their organisations.