The ransomware problem won’t get better until we change one thing

Woman looking nervous in front of laptop in office conference room

A woman looks nervous in front of a laptop in an office conference room.

Photo: Getty / VioletaStomenova

Ransomware is one of the major cybersecurity issues facing us today, with cybercriminals hacking into businesses, schools, hospitals, critical infrastructure, and more in order to encrypt files and demand a ransom payment for the decryption key.

Despite warnings not to do so, Many victims pay these ransomsunder the impression that it’s the quickest way to recover their network, especially if cybercriminals are Threaten to leak stolen data. But all this means is that the attack cycle continues, as ransomware groups use their ill-gotten gains to fund more ambitious attacks.

Moreover, there is another problem. Many ransomware incidents are easily hidden, so it is difficult to get a good picture of what is really going on in the world. Even when companies admit to a cyber attack, they are often vague about what happened, and seem more reluctant to describe any incident as an accident. Ransomware attack.

‘Serious cyberattack’, ‘Cyber ​​incident that caused some disruption’ and ‘Data was encrypted by a third party’ – these are just some of the data released by ransomware victims to describe what happened – but it never happened Mention ransomware.

Some victims eventually became more open about what had happened, but only months or years after the incident – and some did not publicly acknowledge that it was ransomware at all.

It’s frustrating not being able to get a comprehensive and clear picture of what’s going on – even if by reading between the lines of vague statements about an ‘advanced cyber incident’ that led to a ‘disruption of services’, it is clearly a ransomware attack.

The lack of transparency about ransomware attacks and other cyber incidents hurts everyone.

We see: Ransomware: Why it’s still such a big threat, and where gangs are headed next

Some victims are quick to reveal that it is ransomware Victims of ransomware attacks were interviewed, who, after the incident ended, Ready to talk formally about what happened It was interesting to hear CIOs and CIOs talk about what happened.

The common denominator among cybersecurity leaders who choose to talk about organizations that have been hit by ransomware is that they want to help prevent others from becoming the next victim by detailing Lessons They Learned About Strengthening Cyber ​​Defenses To prevent future accidents.

lessons like Apply security patches on timeproviding users over the network b Multifactor authentication (MFA) in addition to regularly updating backups, moves that can help stop ransomware attacks in their tracks. The best time to take action is before the attack occurs.

Ransomware isn’t just a technical problem: Ultimately, these cyberattacks affect everyone, and we often give up on why the services we rely on don’t work.

In some cases, this appears to have already changed; Recently, Los Angeles Consolidated (LAUSD), The second largest school district in the United States has been attacked by ransomware, Disclose the incident to the authorities immediately, in addition to informing the general public of the latest developments regarding the situation.

Their approach was praised by CISA Director Jane Easterly, who said LAUSD defines “the value of transparency when responding to a cyber incident – ​​its speed, clarity and focus on partnership is commendable” and describes it as “a great example of how to keep stakeholders informed, including potential impacts and what to expect next.”

Dealing with a ransomware attack is a challenge, but the way organizations frame the experience is just as important as the technical response. By detailing what happened and how the incident was resolved, they can actually generate positive feedback and show that ransomware gangs shouldn’t always be feared.

It may prevent others from suffering the same fate. In the fight against ransomware, it would be better for everyone if there were More transparency about attacks.

ZDNET opening on Monday

Monday’s ZDNet editorial is our opening for this week in technology, written by members of our editorial team.

Previously on ZDNET’s MONDAY OPENER:

Leave a Comment