Travelex pays $2.3 million USD ransomware bailout: Ransomware cases silently rise during COVID-19
If your business faced a ransomware attack, would you pay the hacker?
Kaspersky estimates that 45% of business employees are unaware of how to handle a ransomware attack and, especially given the current circumstances, this is a critical cybersecurity gap for many organisations.
Whereas the majority of organisations are used to a conventional security structure with secure office networks, firm access control policies, and numerous on-site security measures to reduce risk, countless workers are now suddenly operating with these measures reduced or missing entirely, having swapped them for stock-standard home networks and the plethora of exploitable risks that come with the move.
In 2019, it was also estimated that 15 percent of all ransomware victims chose to pay the ransom. However, it is widely recommended that ransomware should be treated similarly to a real-life hostage situation: never pay the ransom.
Not only does paying not guarantee that the hacker will remove the ransomware, it also incentivises them to target you and similar businesses again.
A recent example of a massive ransomware payout was that of Travelex in December 2019. Travelex is a foreign currency exchange that services businesses across 26 countries, and in response to a targeted attack by the prominent hacker group, the Sodinokibi gang, Travelex paid out a sum of $2.3 million.
The Sodinokibi gang held 5GB of encrypted data to ransom to secure this payout, promising to delete the data once paid. The issue is that while the payout did prevent the attackers from publishing the sensitive data, there is no way of knowing whether they actually deleted the information.
And considering that this is a criminal group, it only stands to reason that they’d keep it as a further avenue of exploitation and profit.
While the Travelex incident was late last year, research indicates that ransomware attacks have gone up significantly throughout the COVID-19 pandemic, especially against businesses in the health industry.
Regardless of whether or not your business lands in the health sector, here are some precautions you can take pertaining to ransomware, especially in these current circumstances:
- Be cautious of ransomware scams disguised as COVID-19 apps or services (Read here)
- Evaluate what security measures are missing due to work-from-home, and do your best to replicate them in employee houses (See my article from last week)
- Back. Up. Your. Data.
That last step is especially important, as oftentimes the only thing that can give you some leeway in a ransomware negotiation is having a copy of the stolen data to restore from. (See Here for more information on developing a back-up plan for your business)
Finally, for more details on staying safe online and covering your work-from-home security, see our remote-working program.