There is a new breed of crypto-ransomware software emerging from the depths of the darknet called “CryptoJoker,” which allows a victim to negotiate a fair ransom payment with the cybercriminals holding their data hostage. As the crypto-ransomware industry explodes; cybercriminals are finding more creative ways to extract money from organizations at an alarming rate.
Increasing Odds for a Ransom Payment
It appears cybercriminals are getting really savvy with the latest iteration of ransomware. They have figured out a way to increase their chances of a successful ransom by offering a method of negotiating a ransom payment.
The good news for the ransomware victims is they now have the ability to negotiate a fair ransom for their data, and if anyone is forced to pay, I hope they negotiate down to as little payment as possible. The negotiated ransom is a genius move on the part of the cybercriminals. There are plenty of companies that have refused to pay a ransom due to the price and offering an avenue to negotiate a ransom increases the odds that the cybercriminals will at least get something out of the deal. Consider this. Let’s say a cybercriminal encrypts your data and demands a ransom of $1,000 with the option to negotiate the ransom. You counter offer with $200 and the cybercriminal accepts. Will you pay the $200 or will you wait for your offsite tech to arrive later today and pay him $90 an hour to spend half the day onsite tracking this down and restoring data from backups? Don’t forget your employees are getting paid while the system is down, bringing productivity to a halt while customers are walking through the doors and getting frustrated since you cannot service them. As you can see the option of waiting for a technician to arrive and clean this up keeps getting costlier and costlier. In this quick cost savings analysis; the cybercriminals always win.
Cybercriminals Cashing In $$
December 2015 – The Brown Firm - Jacksonville Florida Law Firm pays $2,500 bitcoin ransom.
January 2016 – Swansea Police Department pays $750.
February 2016 – Hollywood Presbyterian Medical Center’s data held hostage for $3.6 million. The hospital paid $17,000 in bitcoins.
February 2016 – Melrose Police Department in Massachusetts pays 1 bitcoin ransom.
February 2016 – Tewksbury Police Department paid $500.
February 2016 – Horry County Schools pays $8,500 ransom to unlock servers.
March 2016 - Methodist Hospital in Henderson, Kentucky hacked. Cybercriminals demand $1,600 ransom. Hospital endured a 5-day state of emergency and claims they didn’t pay the ransom.
How Low Will They Go?
It is difficult to say how much less a cybercriminal will accept from their initial ransom demand, and I wouldn’t recommend negotiating with them unless it’s the last resort. What I do know is that other companies have been successful in negotiating a ransom. Hollywood Presbyterian Medical Center was facing a demand for $3.6 million dollars and was successful in negotiating the ransom down to $17,000. The dollar amounts are very inconsistent - however, one thing is clear. The amount of money demanded has continued to increase with the amount of sensitive information breached.
How to Stop Ransomware Attacks
If the cybercriminals were able to breach your network once and extort money from you; they will return and attempt to do it over and over again. I’ve documented one customer that has been hit with ransomware three times. It is up to you to lock down your network, and after getting hit with ransomware once you will begin to understand why that is so difficult to do. Here are a few things you can do right now to give yourself a fighting chance against cybercriminals and ransomware.
Employee Education: Cybercriminals use social engineering attacks to manipulate your employees to react to phishing emails and phone calls. Educate your employees to scrutinize suspicious emails and not divulge sensitive information over the telephone.
Backups: Review and run regular backups of important files. If you are hit with ransomware you can use a previous backup to restore your data. This can be a time-consuming process and you might lose some work but you may be able to avoid paying the ransom with a good backup.
Software Updates: It’s critical that you keep software updated and deploy security updates and service packs immediately. Patches address security vulnerabilities in software that cybercriminals exploit.
Advanced Endpoint Protection: Antivirus and a firewall are no longer sufficient measures to keep cybercriminals off your network. Advanced Endpoint Protection uses behavior-based analysis to detect suspicious behavior that antivirus has missed.
Deploy WatchPoints: "WatchPoints" are files placed on your network to lure attackers who have breached your defenses. For example one WatchPoint offered is a Microsoft Word document that alerts you when it is accessed. The idea is to give it a very attractive title like “Sensitive Passwords.docx” to lure in the cybercriminals. If the document is accessed, you and the WatchPoint team automatically receive a notification.