To Pay or not to pay…that is not the question

Charl Retief, Commercial Director
April, 2017
6 mins read

Since the year 2000, 52% of the companies in the Fortune 500 aren’t on the list anymore, they’ve either gone bankrupt, were acquired or dropped off the list (Source: Digital Transformation by Mark Baker). Upon deeper investigation the involvement of digital technologies seems to be a common thread. Recent historyabounds with examples of where companies have closed their doors due to technological evolution having passed them by.

Contrary to common understanding, digitalization goes beyond simply digitizing existing or traditional business processes to become more efficient. Digitalization is about creating new revenue streams through leveraging current and emerging digital technologies. Gartner termed this phenomenon as Digital Business. Amazon is a great example of spinning up new digital revenue streams; they are world leaders in doing digital business.


Digitalization is also about transforming traditional revenue streams into becoming digitally enabled to remain competitive. The automotive industry has done this to great effect, where cars have become increasingly digitally enabled over the past 10 years. Other great examples of this are that of Uber and Airbnb.


There is no argument - Digital technologies have become ubiquitous in our daily life and will become even more pervasive into the future

Current major technology trends behind all of this are IoT, Machine Learning, Mobility, Cloud, Social Media, Big Data, Wearables and Blockchain. Gartner talks about the nexus of forces, where these technologies converge and create an exponential disruptive effect. Almost like a perfect storm. When a commercial organization is able to align their initiatives to take hold of this nexus, significant value can be realized. As such, many companies are feverishly working to launch or fast track their digital transformation initiatives. Research published by Accenture corroborates this, it was found that 82% of the respondents agreed that digital strategies are key to remaining competitive. (Source: Accenture Technology Vision 2016).


Further supported by the IDC stating, by the end of 2017, revenue growth from information-based products will be double that of the rest of the product/service portfolio for one third of all Fortune 500 companies. (Source: IDC FutureScape 2017)


Notably, cyber security is often overlooked in the push for the digital edge. Establishing new digitalized revenue streams and digitally improved products and services at a rapid pace often means that cyber security requirements are neglected. Speed to market is what it’s all about, consequently cyber security becomes an after-thought. Gartner is of the opinion that by 2020, 60% of businesses will suffer major failures due to the inability of IT security teams to manage digital risk (Source: Gartner Newsroom 06/06/2016)


Interestingly and somewhat in contrast to digitalization initiatives, many large organizations consider the risks around cyber security to be in the top ten that face them. So, on the one hand there is this strategic drive to digitally transform the business and on the other hand there are the ever increasing cyber security risks. Both being an executive level concern.


Who is winning the race?

The cold hard truth is that the rapidly evolving technologies are also available to cyber criminals.

The UK National Crime Agency asserts in their Cyber Crime Assessment of 2016 that cyber criminals are adopting new tools, techniques and technologies faster than the companies they target. In other words, cyber criminals are currently winning the “cyber arms race”.


One manifestation of this is the recent proliferation of ransomware attacks. Modern day ransomware variants are highly sophisticated and encrypt all files on the computer it infects. To the point where the computer will stop any processing and be on complete lockdown. The perpetrators then ask for a ransom payment of a certain amount. At this point the victims are urgently trying to pay the ransom to the attackers to release their digital asset, though this is not always practical or feasible. Often the payment channel used by the criminals may be blocked by authorities or the attackers simply don’t honor their part in providing the keys to unlock the ransomware.


Either way, once a computer is locked down by ransomware, it’s already too late…


Digital Reliant Revenue Streams and Ransomware

For an organization that has established, or is in the process of establishing, revenue streams reliant on digital technologies the question is then this:what is more damaging to a business? Paying the actual ransom amount, or the loss of revenue due to a digitally enabled revenue stream being down?


To illustrate the point, in a recent incident an Austrian hotel was hit by ransomware. The reservation system was compromised, and as a result new guests could not access their rooms. The actual ransom amount requested ($1700), pales into insignificance when compared against loss of revenue and reputational damage.


Similarly, law firms have been targeted by ransomware attacks. Law practitioners bill for their time by the minute. Again, consider the true cost to business, beyond the actual ransom amount, if a large group of individuals in a law firm are not able to work for a certain amount of time. One case comes to mind where the perpetrators asked for a mere 2 Bitcoin ransom, yet the law firm was incapacitated for 4 days.


Hypothetically, consider an organization with revenue streams reliant on an e-commerce site which is integrated with back-end financial systems. If this is compromised due to a ransomware attack, the entire revenue stream could potentially be down for some time. What’s the actual cost to business then?


The bottom line is that the the cost to a business not being able to operate is way more than the price of the ransom. Ransomware is not so much about the ransom as it is about business continuity.


What is the Appropriate Countermeasure?

Traditional anti-virus and perimeter security technology largely fail to detect ransomware, as the mechanisms employed rely on known ransomware variants. The inconvenient truth is that perpetrators write new ransomware variants on a daily basis, none of which have  known signatures. As such, the most successful technological methods to detect and prevent ransomware has to rely on behaviour analysis and machine learning to identify anomalous behaviour and stop it in its tracks before the ransomware can run, whilst allowing normal day-to-day activity to continue.


Therefore, to defend digital revenue streams, an appropriate mitigation strategy against ransomware type attacks ought to include two aspects. Firstly, apt technology that detects and prevents ransomware from executing and secondly, immediate response (human intervention) to contain any further spread of the malicious package.


For more information about F-Secure Consulting’s solution to the scourge of ransomware attacks, please contact us.

Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs