Remember how cybersecurity professionals were telling municipalities not to pay ransomware extortion as it would reinforce and embolden future attacks specifically against their sector? Well, it appears that over 20 government agencies throughout Texas have been hit with ransomware in a coordinated attack.
I cannot emphasize enough that if you satisfy the cyber criminal’s objectives of financial gain today, they will come back tomorrow with more enthusiasm, focus, resources (thanks to you), and greed.
Just like scammers who find a class of easy victims, they then target them in the future.
Paying ransoms may seem like a quick and short-term fix, but doing so is corrosive over time to the entire peer group and it does not even guarantee all the files will be restored.
Many attackers leave backdoors so they can come back later and do it again. It makes perfect sense when you have a victim willing to pay.
Let me put it another way. Imagine everyone is floating in the ocean when a shark comes by. Having an unprepared person panic and throw food at it may get it to eat the chum and temporarily swim away, but the end result is a school of sharks will appear and begin preparing for a meal. That puts everyone on the menu and in serious danger.
So again, I will say unequivocally that, ransomware extortion should NOT be paid. Don't chum the waters! The best protection from ransomware involves being prepared before you are attacked. If you have failed to prepare, then the next best solution is to burn it all down, rebuild everything, and restore the data you can. It is the only way to be sure the attackers have not left anything nasty behind
Some of my colleagues will say otherwise, but they are often only looking at the ROI of that one organization which is impacted at the moment and not the strategic picture of the whole community. I am happy to argue and debate with them about what is best for the long-term health of our shared digital ecosystem.
Paying criminals only creates a bigger and more powerful problem.
Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services.