Tech security and Interpol experts come together to discuss ways to deal with cyberattacks
It is just another day at the office. While in the middle of an important task on your computer, everything suddenly goes blank and you cannot access your work or data any more. Then, before you know it, a ransom note pops up on your screen.
People think that if their company is small, the chances of becoming a victim of cyberattacks are low to none, and that cybercriminals target only enterprises. But they are very wrong.
In fact, small and medium enterprises are targeted by hackers at nearly the same rate as larger companies.
The only difference? Large enterprises are better equipped to handle the technical challenges and costly downtime.
TO PAY OR NOT TO PAY?
The issue arises when a company receives the ransom note: "Pay and your data will be safe. If you don't pay, it will be compromised."
What would you do? During a panel discussion at the Acronis #CyberFit Summit Singapore 2022, the moderator asked the same question. To his disbelief, there were quite a few in the audience raising their hands saying they would pay. Why? "Business must go on," they answered.
Interpol's head of Africa cybercrime operation desk, Jacqueline De Lange, who was one of the panellists, advised all victims to report the situation to law enforcement and not take the matter into their own hands.
"Respond to the note, but do not make payment right away. Initiate negotiations and report to law enforcement agencies, too," said De Lange, adding that by making reports, law enforcement can do their job, which includes profiling the criminals and maybe catching them too.
But, when it comes to the countdown clock, Cloudable general manager Kenny Tay said he understood what it felt like to see that time is running out, and a decision needs to be made immediately — pay and get back everything, or ignore it and deal with the consequences.
"That's what everybody thinks," he said. "We'll never know if the data is intact or compromised. Once they (cybercriminals) get hold of the data, we can never be sure if they're safe or compromised. The best practice is to have your data properly backed up, and that too, will take time to restore," he added.
Sadly, according to Tay, most companies decide to hire a specialist only after an attack happens. They want to save money, but may end up wasting more in paying the cybercriminals. "That too has no promise in recovering all data and knowing for sure that everything is safe. They are criminals first and foremost."
"Morally, you shouldn't be paying the ransom," said AWS head of security for Asean, Bryce Boland, who was also part of the discussion panel. He said paying the ransom would only encourage the criminals to continue with their actions.
There's no stopping them even after the payment is made, said Boland.
SECURITY BREACHED, WHAT TO DO?
Coming to an agreement that no ransom should be paid, the panellists listed steps for victims to take.
First and foremost, they should always negotiate with the perpetrator and report the crime.
"The negotiation phase is especially important to buy time for law enforcement, such as Interpol, to take action. We have dealt with many criminals and this is the best time for us to start profiling the criminals," said De Lange.
Then, gather all IT specialists to evaluate the situation.
"This is important because these people need to know if the data is recoverable or not, and the next course of action needed in terms of system recovery," explained Boland.
Next, get the legal team on board. According to De Lange, paying the ransom has legal implications, as it involves compromised data, security breaches and criminal acts, which is why it is best to have the legal team assess the situation along with the others.
PREVENTION IS BETTER THAN CURE
"Don't decide to do back-ups after being ransomed, do it before," said Tay, who couldn't stress enough the importance of having an intact security system.
The panel agreed that taking precautions would definitely prevent anyone from becoming a potential victim.
But, in the case of breached security, victims need to think ahead and make sure the same incident won't recur, which will prevent criminals from repeating their offence.
"Always report ransom attacks and refrain from paying the ransom. We can never be sure that they would 'return' the data or keep it for the next round of extortion," said Craig Jones, Interpol's Global Cybercrime Programme cybercrime directorate and senior responsible owner.
Jones said as business models evolved, cybercriminals would also change their tactics as they were more business-minded now.
"They (cybercriminals) are business-minded, they look at ransomware as a service. Just like online shopping on e-commerce platforms with all their campaigns, there are loads of 'services' available for ransomware too," he said, adding that sharing information with law enforcement will help everyone as police need the basic information before they can do anything.
"Information is one of the basic necessities for tackling cyber crimes, or any crime in the future," he said.