
Ransomware is malicious software designed to block access to computer files, folders or a whole system. It typically encrypts the victim's data, rendering it inaccessible, and then displays a message demanding payment, often in cryptocurrency, in exchange for a decryption key that will release the data. Many attackers also copy sensitive data out of the network before encrypting it, so they can threaten to publish it if the ransom is not paid. Ransomware can infiltrate systems through phishing emails, unpatched software vulnerabilities, or downloads from malicious websites. One wrong click is all it takes for ransomware to wreak havoc on individuals, businesses, and organizations of all sizes, disrupting operations, compromising sensitive data, and inflicting financial losses.
We Don't Negotiate with Terrorists
While widely attributed to U.S. President Richard Nixon, the principle of "We do not negotiate with terrorists" has been ingrained in political rhetoric for decades. After falling prey to a ransomware attack, most organizations are faced with the decision of whether they are going to pay the ransom demand. Ultimately, the decision to pay rests with the insurer (if you have cyber insurance), though most insurers will take the wishes of the policyholder into consideration.
Paying the ransom does not guarantee that an organization will regain access to its encrypted data. The decryption utilities supplied by the attackers frequently fail to work, and even a working one may not restore every file. Don't forget, these are criminals, and nothing obliges them to honour their end of the agreement after receiving payment. That applies not only to handing over a functional decryption key, but also to deleting any stolen data.
The rising popularity of cryptocurrencies has further enabled cybercriminals and helped them evade law enforcement. Although transactions on public blockchains are visible, ransom payments are hard to tie to a real-world identity and hard to recover once they have been laundered through mixers or unregulated exchanges and converted into cash.
60% of small to medium enterprises that experience a cyber attack and do not have cyber insurance will fail within 6 months.1
In a recently published report, titled Ransomware: The True Cost to Business, nearly half of respondents (46%) who fulfilled their attackers' demands regained access to their data following payment only to find that some, if not all, of their data was corrupted. Just 51% said that they successfully recovered all their data after paying, and 3% admitted that they did not get any of their data back after payment.2
Despite these statistics, negotiations with ransomware terrorists do occur. During a recent CDSPI webinar, Douglas Fast, Vice President and Client Executive at BFL Canada, recounted a scenario involving a client dealing with a ransomware attack. Hackers demanded $400,000 for the release of data, which included sensitive client files. "The Beazley breach response team wasted no time; within hours, a team of experts, including forensics specialists, legal advisors, privacy experts, and negotiators, was mobilized to manage the situation. Through strategic negotiations, they managed to significantly reduce the ransom to $185,000. Ultimately, the insurer covered the ransom amount, recovered the data, and effectively resolved the crisis."3
Ransom demands vary widely depending on the attacker’s sophistication and their perception of how much their target can afford to pay — varying from thousands to tens of millions of dollars. However, Nicholas Hickey of Beazley Insurance cautions, “As a dentist and businessperson, you’re not expected to, nor should you know the intricacies of negotiating with criminals. That’s why we have professional negotiators on staff as part of the Breach Response Team.”4
Ransomware Demands Keep Rising
According to a recent report, ransomware attacks have surged by 25%, and that number keeps rising. The ransom itself, however, is by some estimates only a small portion (often as little as 15%) of the overall cost of an attack. The cost of downtime (an average of 22 days to fully resume operations)5 and of recovering lost data often exceeds the ransom.
Beyond the immediate damage caused by a breach, the reputational damage can be catastrophic in terms of how customers perceive a brand's commitment to data security. This loss of trust can lead to long-term reputational damage, loss of customers/patients, and potential legal and regulatory repercussions, all of which can far outweigh the initial cost of the ransom.
Strategies to Prevent Ransomware Attacks
Ransomware is an evolving threat, and small businesses should take proactive measures to protect against financial loss.
Phil Fodchuk, National Leader, Cyber Security at MNP Digital points out that “the fundamental operations of your practice are almost completely digital. Without a well-functioning computer system, you’d likely completely shut down.”
With this constantly evolving threat, Fodchuk urges clients to “think about your practice’s cyber security needs the same way you think about recommending regular check ups to patients. It’s part of an overall approach to prevention that ensures measures can be taken as early as possible if needed to prevent negative outcomes.”6
The Five-Step Process to Protect Your Business7
These five steps mirror the core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover.
01
Identify
Compile an inventory of all your software, hardware and data sources, the third-party vendors you use, and anyone else who can access your data.
Based on this information, create a cyber security policy that outlines employee roles and responsibilities and share it with your team.
02
Protect
Add controls to your practice that include:
- Security software, kept up to date
- Access logs (network and devices)
- Scheduled data backups, with at least one copy kept offline or otherwise out of reach of an attacker who controls your network, and restores tested regularly
- Data and device disposal
- Employee training
03
Detect
Continuously monitor your devices and network for unauthorized access, unusual network or staff activity, and unauthorized network connections (internal or external).
04
Respond
Create and regularly test your cyber security plan. It should include:
- Reporting any breaches or attacks to the authorities, your patients, and other affected parties
- How to keep your practice running smoothly
- Dealing with other external forces that may put your data at risk
05
Recover
After an attack or breach occurs, focus on repairing and restoring your affected hardware, software and network, restoring data from clean backups, and keeping your patients and team up to date on your response and activities.
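As an added illustration of the Detect step (and of what the access logs collected under Protect are for), the Python script below reviews two constructed log feeds for patterns that commonly accompany a ransomware intrusion: a burst of failed logins from one source, and a single process rewriting many files within seconds while new file extensions appear. This is example code written for this article, not a tool from CDSPI, MNP Digital or Beazley; the hosts, addresses, user and process names, file paths and alert thresholds are all constructed assumptions.

```python
"""Added example for the Detect step: review two constructed log feeds for
patterns that commonly precede or accompany a ransomware attack.

  1. a burst of failed logins from one source (brute-forcing of remote access);
  2. one process rewriting many files in seconds, and unfamiliar file
     extensions appearing (encryption in progress).

All hosts, users, addresses, process names, paths and thresholds below are
constructed for illustration, not taken from any real incident.
"""
import os
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
BASE = datetime(2024, 3, 1, 2, 10, 0)   # constructed: 02:10 on a Friday night


def _at(seconds):
    """Timestamp string `seconds` after BASE (helper for building sample data)."""
    return (BASE + timedelta(seconds=seconds)).strftime(FMT)


# --- Constructed sample data -------------------------------------------------
# Login events: eight failures in 70 s from an outside address (203.0.113.0/24
# is a documentation range), then a success, plus ordinary daytime logins and
# two mistyped passwords from a staff workstation.
LOGIN_EVENTS = (
    [{"ts": _at(10 * i), "host": "server-01", "user": "admin",
      "source": "203.0.113.7", "result": "FAIL"} for i in range(8)]
    + [{"ts": _at(80), "host": "server-01", "user": "admin",
        "source": "203.0.113.7", "result": "SUCCESS"}]
    + [{"ts": _at(7 * 3600 + 60 * i), "host": "server-01", "user": "reception",
        "source": "192.168.1.20", "result": r}
       for i, r in enumerate(["FAIL", "FAIL", "SUCCESS"])]
)

# File events: a word processor saving three documents over the day, versus a
# constructed "update.exe" renaming 40 patient files in 40 s to a new
# extension and then dropping a note.
FILE_EVENTS = (
    [{"ts": _at(8 * 3600 + 1800 * i), "host": "front-desk-pc",
      "process": "winword.exe", "action": "write",
      "path": f"C:\\Charts\\letter_{i}.docx"} for i in range(3)]
    + [{"ts": _at(120 + i), "host": "server-01", "process": "update.exe",
        "action": "rename",
        "path": f"D:\\Patients\\chart_{i:04d}.pdf.locked"} for i in range(40)]
    + [{"ts": _at(161), "host": "server-01", "process": "update.exe",
        "action": "write", "path": "D:\\Patients\\README_TO_DECRYPT.txt"}]
)


def _burst_counts(events, key, window):
    """For each key, the largest number of events inside any interval of
    length `window` (sorted timestamps, two-pointer sliding window)."""
    by_key = defaultdict(list)
    for e in events:
        by_key[key(e)].append(datetime.strptime(e["ts"], FMT))
    peaks = {}
    for k, times in by_key.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        peaks[k] = best
    return peaks


def detect_login_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """(host, source) pairs with at least `threshold` failed logins in `window`."""
    failed = [e for e in events if e["result"] == "FAIL"]
    peaks = _burst_counts(failed, lambda e: (e["host"], e["source"]), window)
    return sorted((k, n) for k, n in peaks.items() if n >= threshold)


def detect_mass_file_writes(events, threshold=20, window=timedelta(seconds=30)):
    """(host, process) pairs that wrote or renamed >= `threshold` files in `window`."""
    writes = [e for e in events if e["action"] in ("write", "rename")]
    peaks = _burst_counts(writes, lambda e: (e["host"], e["process"]), window)
    return sorted((k, n) for k, n in peaks.items() if n >= threshold)


# Constructed list of extensions the practice normally uses.
KNOWN_EXTENSIONS = frozenset({".docx", ".pdf", ".jpg", ".txt", ".xml", ".db", ".log"})


def new_extensions(events, known=KNOWN_EXTENSIONS):
    """Extensions seen in writes/renames that are not on the known list;
    most ransomware appends one of its own to every file it encrypts."""
    found = set()
    for e in events:
        if e["action"] in ("write", "rename"):
            ext = os.path.splitext(e["path"])[1].lower()
            if ext and ext not in known:
                found.add(ext)
    return sorted(found)


def run_detections(logins=LOGIN_EVENTS, files=FILE_EVENTS):
    """Run all three checks and return their findings keyed by check name."""
    return {
        "login_bursts": detect_login_bursts(logins),
        "file_write_bursts": detect_mass_file_writes(files),
        "new_extensions": new_extensions(files),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(f"{name}: {hits}")
```

On the constructed data the script flags the eight failed logins from 203.0.113.7 against server-01, the 31 renames that update.exe performed inside a single 30-second window, and the unfamiliar .locked extension, while the word processor's three saves and the receptionist's two mistyped passwords stay below the thresholds. The thresholds are deliberate assumptions: a practice should tune them against a week of its own logs so that normal activity does not trip them.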
Is Cyber Insurance Worth It?
Yes. Cyber insurance is a critical tool necessary to protect yourself and your practice from cybercrime, but it can't be your entire strategy. Your best approach is to build strong defenses against attacks regardless of whether or not you're insured. A ransomware attack can happen any time, to any organization. Immediately upon discovering that your systems have been compromised, contact your cyber insurance provider and a breach response team will be deployed to provide support and counsel to aid in the resumption of business operations.
1 60 Percent of Small Companies Close Within 6 Months of Being Hacked. cybersecurityventures.com
2 Freed, Anthony M. Three Reasons Why You Should Never Pay Ransomware Attackers. cybereason.com
3 CDSPI Webinar. March 2024.
4 Ibid.
5 The Cost of Ransomware: Why Every Business Pays, One Way or Another. March 2023.
6 Fodchuk, Phil. How to Effectively Protect Your Practice from Cyber Security Threats. MNP Digital. December 2023.
7 Cyber Security Basics for Dentists. Presentation by MNP Digital. February 2024.