Risks and impact of ransomware attacks

25 October 2023

A closer look with Dan Cimpean from DNSC

Ransomware attacks are becoming more sophisticated and more frequent. On top of this, they are targeting a wider range of organisations, not just large enterprises but SMEs as well.

One of the most concerning trends is the rise of ransomware-as-a-service (RaaS). RaaS makes it easier for criminals to launch ransomware attacks, even if they don't have any technical expertise.

But what other trends are there in ransomware attacks and demands? And how can you protect your organisation against these attacks? Find out below in a short conversation between Steven Cauwenberghs (Partner BDO Cyber Security) and Dan Cimpean, Director at DNSC (Romanian National Cyber Security Directorate).

Steven: “Given your position at the DNSC, what are the recent trends in ransomware demands?”

Dan: “The average ransomware payment went up between 2019 and 2021, with average payment amounts rising (during the pandemic) from approximately $25,000 to just over $300,000. However, as of 2022, known average ransom payments appear to have stabilised at around $200,000, and have gone down slightly since then.

This is likely due to a number of factors, including:

  • Attackers are now massively targeting small or medium organisations, while adjusting (lowering) the average ransom. This is because attackers can make more money by targeting multiple smaller organisations than by targeting a few large organisations.
  • Ransom payments are reaching a market equilibrium, where threat actors are becoming better at tailoring their demands to what their victims are most likely to pay given the growth of recovery cost and the risk of reputational damage from public data leaks.
  • The insurance industry is starting to play a role in ransomware payments. Insurance companies are increasingly offering coverage for ransomware attacks. However, some cyber insurance providers are tightening their policies and terms regarding reimbursement for ransomware payments.”

Steven: “Considering all the money involved, what are the risks of paying a ransomware demand?”

Dan: “There are various risks associated with paying a ransomware ransom, including:

  • There is no guarantee that you will regain access to your data or systems. Even if you pay the ransom, there is no guarantee that the attackers will decrypt your data or give you back control of your systems.
  • You may be targeted again for future attacks. By paying the ransom, attackers see this as a sign that you are agreeing to their terms, making them target you again in the future.
  • You may be funding other criminal activities. Ransomware payments are often used to fund other criminal activities, such as drug trafficking and terrorism.
  • Paying the ransom may be illegal in your country.”

Steven: “What would be your approach to protect your organisation against ransomware?”

Dan: “Traditional mitigation measures are not robust enough to combat the evolving threat of ransomware. Organisations should adopt a defence-in-depth (multi-layer) strategy to protect their data, devices, systems, and networks, not only from ransomware but also from other types of malware and cyber-attacks in general. On top of the technology stack, there should be awareness campaigns, and organisations need to adopt a strong GRC (Governance, Risk management and Compliance) mindset. The main points of the latter are:

  • Risk assessment
  • Backup planning
  • Incident Response tailored for ransomware incidents inclusive of a playbook
  • Disaster recovery plan for the whole business
  • Communications with all key stakeholders both internal and external”