Ransomware has been around for more than three decades, so it's hardly an unexpected threat. And yet, organisations large and small are still being taken completely by surprise by the file-encrypting malware, leaving them to decide between rebuilding many of their computer systems from scratch to rid themselves of the ransomware or paying up to the crooks in the hope that they will hand over the encryption keys. So why aren't we learning the lessons from all the companies that have already been hit by ransomware over the years? Here are a few reasons.
- Nobody thinks that they will be the next victim
This is one of the root problems; while many organisations are aware of the ransomware threat, they don't think they're going to be the next victim. Some firms think they are too small or obscure to be noticed by ransomware gangs. Others think they are too well protected to be at risk. Both can be wrong; some ransomware attacks start with a spray of malware-filled emails that could end up in pretty much anyone's inbox; others start with randomly scanning for internet-facing ports. Either of these could put any organisation of any size at risk. And as for those big companies that think they are invulnerable? Well, there are plenty of examples of huge organisations being hit hard by ransomware gangs who have the money and the time to play a long game.
SEE: Network security policy (TechRepublic Premium)
- Security basics are ignored
Ransomware crooks are sometimes portrayed as master criminals and while they are undoubtedly sophisticated, most ransomware attacks are preventable by relatively straightforward steps. Keeping software patched and updated is one of the basics. Some of the ransomware that is causing the most problems relies on some pretty old software flaws in order to spread. Fixes for these flaws are readily available and yet too many companies aren't applying them. Of course, software patching is boring, time consuming and costly work that brings little obvious benefit. But rebuilding all your customer databases after a ransomware attack is probably going to be a lot worse.
- Staff aren't taking security seriously
Because some ransomware attacks still start with a bogus email, a wrong decision by an individual worker can put your whole organisation at risk. That means educating staff as to what phishing and ransomware looks like is extremely important. Also, it's still too easy for a single mistake to cause chaos because once crooks have access to the network, too many times companies stick with default passwords across the network, or give too many staff too wide-ranging access to systems, which means that once their account is hacked, the threat to the broader organisation is much greater. Remote working is not making this any better, of course.
- Catching ransomware gangs is far too hard
Most police forces struggle with such limited resources that investigating major crime is hard enough. Trying to investigate cybercrime – which is never a top priority – is even harder because few officers have the expertise to understand what crime is being committed, let alone understand how to chase the crooks involved. Even if the police do have the resources and the skills to pursue these gangs, there is also the reality that many will be hard to trace. And even if police can identify the crooks, they often live in jurisdictions far away that are in little hurry to hand them over to stand trial, in some cases because the line between the ransomware gangs and the state itself is blurred.
- Too many businesses will pay the ransom
It's hard to tell how many ransomware victims actually pay up, but some estimates put it as high as between a third and a half. And while police will urge victims not to pay up, it's understandable that when faced with either paying or losing their entire business, some execs will grit their teeth and reach for the bitcoin. The bigger problem here is that not only does this reward the criminals, it also encourage more crooks to give ransomware scams a go. One ransomware group alone managed to generate around $60 million in an 18-month period.
More ransom payments means more ability to hire developers to make their ransomware more effective. More ransom payments means the crooks can spend the time and effort on bigger targets that might take longer and more resources to crack. More ransom payments means the whole cycle starts again – with the gangs stronger than ever.
ZDNET'S MONDAY MORNING OPENER
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.
PREVIOUSLY ON MONDAY MORNING OPENER:
- After spinning wheels with 10nm, Intel did not need its new 7nm delay
- Cybersecurity basics more important than ever in the new normal of remote work
- How higher education may go best of breed, be disassembled amid online learning
- Lenovo improves ThinkPads running Linux but issues with problem machines remain
- Ransomware is now your biggest online security nightmare. And it's about to get worse
- How Salesforce plans to make virtual TrailheaDX 2020 a better, more meaningful tech conference
- How Impact Africa Network aims to change society via entrepreneurship, STEM, and innovation
- Cash payments plummet thanks to pandemic
- Return to work: How the technology mix we rely on is about to change, again
- Salesforce SMB exec Marie Rosecrans shares insights on meeting the unique needs of small business