Targets of ransomware rarely publicly acknowledge attacks. More openness would help everyone.
Ransomware is one of the most significant cybersecurity issues we face, as cyber criminals hack into businesses, schools, hospitals, critical infrastructure and more, in order to encrypt files and demand a ransom payment for the decryption key.
Despite warnings not to, many victims pay these ransoms, under the impression that it’s the quickest way to restore their network, particularly if the cyber criminals are also threatening to leak stolen data.
This makes the attack cycle continue, with ransomware gangs using their malicious gains to finance more ambitious attacks.
Beyond this there’s another problem. Many of ransomware incidents are simply kept under wraps, so it’s hard to get a good picture of what’s really happening in the world.
Even when companies do admit to a cyberattack they are very often vague about what has happened, and seem most reluctant to describe any incident as a ransomware attack.
A ‘serious cyber attack’, a ‘cyber incident that has caused some disruption’ and ‘data being encrypted by a third-party’ – those are just some of the statements put out by victims of ransomware attacks to describe what happened, but never mentioning ransomware.
Some victims eventually become more open about what happened, but only months or years after the incident, and some never publicly acknowledge it was ransomware at all.
It’s frustrating not being able to get a comprehensive and clear picture about what’s going on. By reading between the lines of the vague statements about a ‘sophisticated cyber incident’ that has ‘disrupted services’, it’s clear that it’s a ransomware attack.
The lack of transparency about ransomware attacks and other cyber incidents is damaging to everyone.
Some victims are very quick to disclose that it’s ransomware. The common theme among these cybersecurity leaders who choose to speak up about being hit by ransomware, is they want to help prevent others from becoming the next victim, by detailing the lessons they learned around bolstering cyber defences to prevent future incidents.
Lessons like applying security patches on time, providing users across the network with multi-factor authentication (MFA), plus regularly updating backups, are moves that can help stop ransomware attacks in their tracks. And the best time to take action is before the attack takes place.
Ransomware isn’t just a tech problem. Ultimately, these cyberattacks impact everyone, and we are often left in the dark about why the services we rely on aren’t working.
In some cases, it looks like this is already changing; recently, Los Angeles Unified (LAUSD), the second biggest school district in the US, was hit by a ransomware attack, immediately disclosing the incident to the authorities, as well as keeping the wider general public up to date about the situation.
Their approach was praised by director of the Cybersecurity & Infrastructure Security Agency (CISA) Jen Easterly, who said LAUSD “clearly knows the value of transparency when responding to a cyber incident, their speed, clarity & focus on partnership is commendable” and described them as a “Great example of how to keep stakeholders informed, including potential impacts & what to expect next.”
Dealing with a ransomware attack is a challenge, but the way organisations frame the experience is just as important as the technical response.
By detailing what has happened and how the incident is resolved, it actually generates positive feedback and shows the ransomware gangs do not always have to be feared.
Speaking up just might prevent others from suffering the same fate. In the fight against ransomware, it’s going to be better for everyone if there’s more transparency around attacks.