Comments by: Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group
As details about the Tokio Marine Insurance Singapore (TMiS) ransomware attack continue to emerge, questions will be asked. Will the ransom be paid? Can data be recovered? What kind of damage will this cause?
The only question that matters is: how can a problem like this be prevented?
The reason ransomware is so successful is that so few organisations are properly prepared. Organisations often focus solely on functionality when selecting, deploying, and operating software. They work hard to make software do what they want it to do, but security and robustness are often neglected or ignored.
To prevent accidental or malicious disruptions, organisations must adopt a proactive, security-first approach to software. Where is your data? How is it protected? If something bad happens, like a ransomware attack or a tsunami, how will you recover?
Software is a powerful tool for organisations of all kinds, but it must be selected, deployed, operated, and maintained inside a framework of security and resilience.
Comments by: Ian Hall, Head of Client Services, APAC, Synopsys Software Integrity Group
Any organisation should begin its response to a ransomware attack long before the attack, in the form of preventative measures, backups and an incident response plan. In this case the preventative measures have been bypassed, so the incident response plan should be put into action, where they will need to assess the two options – whether to recover the data and systems using backups or to pay the ransom. The assessment of which option to take involves many different factors – the downtime needed to restore backups, the cost of the downtime, the cost of the ransom, the trustworthiness of the attacker (if it can be called that).
Paying a ransom does sound like a quick fix, but there are downsides even if the ransom is affordable. The decryption software provided by attackers may not work, leading to corrupted data, or the attacker may simply not provide anything after the ransom has been paid. Finally, paying any ransom will simply encourage more attackers in future.
Corporations are obviously the bigger targets, with potential multi-million-dollar ransoms being paid, but end-users are also targets. They are targets not just for ransomware that encrypts data but also extortion-ware, where attackers threaten to expose public details or photos. An end-user should pay attention to basic online hygiene, such as ensuring that a strong password is used which is not duplicated on many sites, ensuring that the software on their own computer is up-to-date, and of course being wary of phishing attacks.
Comments by: Prakash Bhaskaradass, Director for Growth Technologies, Check Point Software Technologies
If the ransomware attack is successful, the organisation is faced with a tough choice of whether to pay the ransom or not. Either way, companies must go back to the beginning and find out where and how the incident occurred in the first place.
Whether it was human factors or a technology gap that failed, go through a detailed root cause analysis and recalibrate the entire infrastructure and strategy to ensure that a similar incident never occurs again. Taking this step is necessary regardless of whether an organisation pays the ransom or not. One can never take comfort in the fact that somehow data recovery has occurred and consider the incident resolved.
So, to pay or not to pay? The answer is not as simple as it first appears. While the ransom amounts are sometimes in the hundreds of thousands or millions of dollars, outages of critical systems often surpass these amounts to a point of no return. However, enterprises must remember that even if the ransom is paid, it does not mean that the data, or even part of it, will actually be decrypted. There are even known cases where attackers have bugs in their code, so that the organisation cannot recover the data even if they wanted to.
Don’t rush into a decision and consider all your options carefully. Paying the ransom should really be the last resort.