Whether it’s a DDoS or a malware attack, hackers have been exploiting companies far and wide, making it pretty obvious that ransomware is the new black. Just this month, the University of Calgary had to cave to a $20,000 ransom demand*, paid in bitcoins, to attackers who have encrypted their systems through a malicious software strain that got into the school’s network. Since the school’s own IT administrators were unable to decrypt the files, they had no choice but to pay up.
What’s this mean for us?
Criminality is increasing through electronic mediums, with ransomware and network attacks being easy to do, as they’re completely accessible from the comfort of one’s home. It’s easy to buy and access tools that enable malware to be easily distributed. It’s easy to deploy and potentially even more so due to social engineering attempts, and it’s easy to get paid since anyone who values their data and network integrity will likely give in to the hackers’ demands in order to be left alone and not deal with the headache the data loss may have created internally.
Worse is potentially how we’re creating this kind of environment to flourish. Yes, we are all vulnerable. We’re all potential victims. If we have some sort of IP address or network that is exposed, we could get harmed in some way. It’s easy to be hit with a denial of service that takes anything and everything we need to support our families down for the count. As employees that are overwhelmed not only with work but also the information overload era (no thanks to social media), we’re also facing too much disruption in our workday, making it easy for us to fall prey to emails that may contain links or files that could be downloaded and could then potentially spread like a virus across our corporate intranet.
After all is said and done, it’s clear that people want to move on from the hassle of dealing with cleaning up shop--there are already dozens of other tasks to do, but downtime derails work efforts and adds more work to our already busy loads--and it’s easier to pay than to miss another day of work or to neglect our to-do items in favor of preferring to get the network back up to speed so that we can resume our responsibilities.
Is the new standard to pay up? Perhaps, then, that’s the answer. It certainly has motivated the University of Calgary and other companies having fallen prey to attacks in recent years. Have these victims ever had the upper hand? Look for my next article: Ransomware: can you negotiate price? to hear my take.
(* I wonder if that chunk of cash affects tuition rates in upcoming years… which makes one wonder – does insurance cover that?)