Reeling under the dilemma of ‘to pay or not to pay ransom’?

During the Easter weekend in April, a ransomware attack on a food-logistics firm in the Netherlands caused shortages of prepackaged cheese in supermarkets across the country. Similarly, in August 2020, more than 10 universities across the UK and Canada were compromised when threat actors hacked Blackbaud, a cloud computing provider frequently used by educational institutions. In early 2020, the New Orleans city government had to pay $7 million to hackers to restore services. And just a week ago, right before its spring announcement, Apple’s data and schematics about unreleased products fell into hackers’ hands through its supplier Quanta Computer. As part of this leak, the hackers warned Apple to buy back the data by May 1st or it would be leaked. The list of ransomware victims – including governments, software companies, credit rating agencies, manufacturers, retailers, hospitals, pharma players, logistics firms, schools, banks and hospitality majors – keeps growing worldwide.

This is despite all the efforts they make to secure themselves from external and internal cyber threats.

Ransom is risky

But in the ever-evolving technology landscape, hackers are quicker than organizations to evolve, adapt and try new tools. Plus, ransomware groups are swift to maneuver and to experiment with tricks that leave victim organizations no choice but to succumb to their demands. With the double extortion tactic, hackers have achieved just that. They have begun to exfiltrate data before they encrypt it, so that they can threaten to leak it if the ransom is not paid. It is a surefire way of extorting money from victims. Without distinction, all kinds of organizations, including city and state governments, are today compelled to pay ransom to these groups.

But while companies and governments are ridding themselves of the malady by simply shelling out a handsome sum in ransom, that doesn’t mean it is the shortest and safest way out of the problem. It is merely an eyewash, a trick that hackers employ to dupe organizations. In fact, it is one of the riskiest paths, and one that will attract a bouquet of troubles to your organization. In the first place, paying a ransom doesn’t guarantee that you will get your data back, or that threat actors won’t leak it online later or sell it to your competitor. Secondly, if the ransom is paid to a group backed by a nation-state on a sanctions list, it could even land a company in legal trouble.

Sweat more in peace to bleed less in war

The war begins long before you step into the war zone, which means that preparing to combat ransomware requires you to fortify yourself much earlier. With a Zero Trust approach embedded into their cybersecurity strategy, organizations can achieve this. At its core, the Zero Trust philosophy challenges the traditional “trust but verify” cybersecurity model and recommends that organizations “never trust, always verify” by localizing and isolating resources through microcore, microsegmentation, and deep visibility. In a Zero Trust environment, all internal communication is treated as potentially hostile. This helps stop ransomware from moving laterally across the network. In his article ‘Harnessing Zero Trust Security’, published by ISACA Journal, Rajiv Raghunarayan (Vice President – Products at Cyberinc) explains how organizations can adopt and implement Zero Trust.

One of the best ways to put Zero Trust to work is to adopt Remote Browser Isolation (RBI), a Zero Trust-based solution. RBI is a simple yet effective way to provide browser security by containing browser activity inside an isolated environment. In other words, RBI fetches, renders, and executes all elements of a page away from the user’s device, thereby protecting against all ransomware attacks and sparing organizations all the headaches – monetary losses, lawsuits, regulatory action, and reputational damage. Moreover, RBI can now deliver smart isolation to improve the user experience and strengthen security against the most prominent web, email, and document-based threats.

The SANS Institute, in its report, also explains that remote browser isolation is critical to any organization’s cybersecurity program for one key reason: almost all work performed today requires use of the browser, especially with current remote workforce models and greater dependence on the cloud, and attackers focus on the browser as one of the biggest – and potentially most vulnerable – attack vectors.

In essence, Zero Trust and RBI not only help you prevent the trouble ransomware can cause but also save you from paying ransoms.

Onkar Sharma

Principal Specialist – Content Marketing, Cyberinc