Ransomware is Escalating and Costs are Skyrocketing

By Hubert Yoshida posted 08-19-2019 20:31

Last Friday, the Texas Department of Information Resources, based in the state capital of Austin, issued a statement saying that ransomware attacks had hit multiple "Texas government entities," claiming at least 20 victims. This is another indication that ransomware activity has escalated to a new level.

This summer we have seen the cost of ransomware escalate, with a major focus on state and local governments. I blogged about this in June, when two cities in Florida were hit with ransoms as high as 42 bitcoins, which translated to over $563,000 at that time. Now the attacks seem to be coordinated, with attacks occurring in New York, Louisiana, Maryland and Florida, resulting in the loss of significant sums. Last month the state of Louisiana declared a state of emergency after a rash of malware infections slammed state schools.

Previously, ransomware hacks were aimed at small businesses, where users were not as sophisticated as in larger enterprises and the ransoms were relatively affordable, a few thousand dollars, making it easier for the victim to pay the ransom than to go through the hassle of trying to recover the systems on their own. Now ransomware thieves are focusing on larger targets with much larger ransoms, since they know that the cost of recovery for larger customers would be in the millions, making it more likely that they will pay the ransom. The city of Baltimore decided not to pay the ransom of $76,000 and has already spent more than $18 million in recovery efforts, which have been going on since the attack in May.

The FBI advises not to pay the ransom, since paying only incents the thieves to increase their activities. Paying the ransom is no guarantee that the decryption key will be received in exchange. There is also the chance that the encryption was not done correctly and the decryption key will not work. The directories and catalogs for the files could also be lost or corrupted, making it difficult to restore the files. Ransomware hackers do not provide a Help Desk for these types of problems. Some third parties advertise that they can correct the problem when in reality they negotiate with the ransomware thieves to buy the decryption key and charge a fee in excess of the ransom to “recover” the data.

Ransomware typically attacks common and known vulnerabilities in computer systems. IT organizations need to examine their systems for such flaws and keep up to date on fixes. They also need to teach their employees not to open suspicious email or click suspect links. Our IT department provides us with warnings when suspicious attacks are attempted. They also test us with fake attacks to see if we click on fake links, and respond with a gentle reminder not to do so. Businesses also need to back up their data regularly on secure computers. Without backups, paying the attacker is likely the only way to retrieve lost data.

In my previous blog on this subject I mentioned the advantages of using a Hitachi Content Platform (HCP) for storing your data in an object store. In addition to all the security, governance, availability, search, and scalability advantages of an object store, HCP only writes the data once. If the data is read and updated (i.e. encrypted) it is rewritten as another version and the original data is not changed or re-encrypted and can be accessed immediately.
Read Hitachi’s solution profile on how HCP can overcome the risks of ransomware and learn how HCP can keep your business running smoothly, protect your data, eliminate lost employee productivity, and extend protection to remote and branch offices. HCP is part of our DataOps Advantage.
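The recovery property described above, as an added Python sketch that is not Hitachi's code and does not use the HCP API: a toy write-once store keeps every version, a jump in byte entropy marks the first encrypting overwrite, and each object is read back as of just before that write. The class and function names, the 7.0 bits-per-byte threshold, the sample files and the `scramble` stand-in for encryption are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

class VersionedStore:
    """Toy write-once store: put() never overwrites, it appends a new version."""
    def __init__(self):
        self.versions = {}  # key -> [(timestamp, data), ...] in write order

    def put(self, key, data, ts):
        self.versions.setdefault(key, []).append((ts, bytes(data)))

    def get(self, key, before=None):
        """Newest version, or the newest one written strictly before `before`."""
        hits = [d for ts, d in self.versions[key] if before is None or ts < before]
        if not hits:
            raise KeyError(key)
        return hits[-1]

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data approaches 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def first_suspect_write(store, threshold=7.0):
    """Earliest timestamp at which a low-entropy object got a high-entropy version."""
    suspects = [ts
                for hist in store.versions.values()
                for (_, old), (ts, new) in zip(hist, hist[1:])
                if entropy(old) < threshold <= entropy(new)]
    return min(suspects, default=None)

def scramble(data):
    """Constructed stand-in for an encrypting overwrite (SHA-256 keystream XOR)."""
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    """Constructed sample data: two files, one normal edit, then a bulk overwrite."""
    store = VersionedStore()
    docs = {"ledger.csv": b"2019-08-01,ACME,1200.00\n" * 200,
            "notes.txt": b"Council meeting moved to Tuesday.\n" * 150}
    for key, data in docs.items():
        store.put(key, data, ts=100)
    store.put("notes.txt", docs["notes.txt"] + b"Agenda attached.\n", ts=150)
    for key in list(store.versions):
        store.put(key, scramble(store.get(key)), ts=200)
    cutoff = first_suspect_write(store)
    return cutoff, {k: store.get(k, before=cutoff) for k in store.versions}
```

The ordinary edit at timestamp 150 is not flagged because its entropy stays low, so the restored `notes.txt` includes it; a file that was already compressed or encrypted before the attack would not trip this entropy check and needs a different signal.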

Ransomware hackers are on the rise: be vigilant, be aware, and be prepared. The cost of recovery could be in the millions without an object store and/or backup. It might also be good to have insurance. Lake City, a small city in Florida, paid a ransom of about $460,000, where insurance covered all of the ransom except for $10,000. Even with the decryption key there was still a lot of work involved in restoring the systems and data.