Ransomware & Ransom DoS: 4 Reasons You Shouldn’t Pay

Sep 27, 2016 | Insights, Managed Services

According to IDG Research, costs associated with ransomware totaled $209 million in the first quarter of this year alone. One factor contributing to the rapid increase in ransomware and DDoS threats for ransom (also known as ransom DoS or RDos) is that people and companies are paying these ransoms, allowing cyber criminals to establish a steady stream of income. What would your company do if faced with a DDoS or ransomware threat? Here are four good reasons paying up shouldn’t be an option.

1. If you pay, they will return.

Sometimes companies pay a ransom because they determine that the cost of the ransom is less than the cost of prevention, and definitely less than the cost of an attack or loss or data. It’s important to understand that once a company pays up, they will most likely be threatened repeatedly. The company’s reputation for paying will also become known in the world of cyber criminals.

2. Ransom is a crime – not an IT Issue.

If the mafia demanded a “tax” from your company to stay in business, would you pay them or notify the police? Some companies tend to view DDoS or ransomware payments as an IT expense – something they just have to deal with. The bottom line is that demanding money from a company with the threat of a pending DDoS attack or data loss is extortion, and if you pay, you are supporting and encouraging cybercriminals, period.

3. The threat is not always viable to begin with.

Organizations often receive emails that are empty threats, warning that a DDoS attack will occur on a certain day and time if they don’t receive a specific sum. As Radware’s security researcher for their Emergency Response Team says in his article Ransom, Ransom Everywhere, “Attackers know they can spam out hundreds of ransom letters with no intention of launching a DDoS attack while still getting someone to pay.” Attackers who are serious about DDoSing your company will usually (but not always) prove themselves by threatening your network with a minor attack before the real attack. They may also give you a specific timeframe in which the test attack will occur. This is why monitoring network traffic is so essential.

4. Demonstrate leadership in your industry.

The perfect example of leadership when it comes to resisting a cyberthreat for ransom is Computop, a leading payment service provider based in Germany. Rather than trying to hide the fact they had received a DDoS threat for ransom, the company’s CEO wrote an email to all of their 5,000 customers to tell them they would likely experience an attack on the specified date, and that they should expect some issues with their platform. (Computop provides a secure online payment platform.) He sent a follow-up email to all customers just hours before the attack to remind them. Additionally, the company consulted their data center provider, hired a security consultant and ultimately decided to use a cloud mitigation platform.

Because of Computop’s response to the threat, they got international exposure from IT publishers such as ComputerWorld and social media engagement. Computop’s CEO also stated that he got no customer complaints regarding the emails, and most of them expressed gratitude for the head’s up. In the end attackers backed off. They suspect it was because the attackers detected the mitigation tool.

How to Handle Threats

In most cases, it’s impossible to know whether a potential attacker plans to follow through on their threat. Companies should have malware detection and attack mitigation tools in place. Create a budget for these rather than budgeting for ransom. According to security experts from Illusive Networks, malware detection should focus on the core activity of ransomware: encryption. For DDoS protection, we recommend a hybrid tool that can mitigate attacks on premises or in the cloud and provides Network Behavior Analysis and real-time alerts.

Learn more about Data Foundry’s DDoS mitigation service.