What is a Ransomware Payment?
Ransomware is a form of malware that encrypts files on a victim’s computer or server, making them unusable. Cybercriminals demand a ransom in exchange for providing a key to decrypt the victim’s files. Covered entities or business associates who pay the ransom have given the cybercriminals a ransomware payment.
Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.
A new analysis by Coveware, a remediation and incident response firm, has revealed that the average ransomware payment amount increased by six times between 2018 and Q3 2019. The average ransomware payment amount as of Q3 stands at $41,198.
Many companies have paid considerably more to regain access to their hijacked systems. Larger enterprises often are faced with ransomware demands of over $1 million.
Cybercriminals have, in part, focused their attacks on healthcare because there is a higher than average chance of the ransom being paid. Managed service providers, or MSPs, have also suffered an increased volume of attacks. A successful attack on an MSP can give a cybercriminal a considerable payout if the attack gives the criminal access to the systems of all of the MSP’s clients.
Ransomware developers, who devote considerable resources and efforts to their criminal efforts, are best served from a financial standpoint if those developers make sure that victim files can be recovered. After all, if word gets out that payment is pointless because it will not result in recovery, organizations who then become “held hostage” will not pay the ransom. At the same time, however, payment is hardly a guarantee that files will be recovered. Criminals are not necessarily keen on honoring such agreements. According to the Coveware analysis, while 98% of the victims that paid the ransomware were eventually supplied with working keys to decrypt their data, these keys only allowed for 94% of data to be recovered.
What Can Organizations Do to Guard Against Ransomware Attacks?
Organizations should take a variety of measures to guard against ransomware attacks. These measures include:
- Conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and establishing a remediation plan to mitigate those identified risks
- Implementing procedures to safeguard against malicious software
- Training authorized users to detect malicious software and reporting such detections
- Limiting access to ePHI to only those persons or software programs requiring access
- Maintaining an overall contingency plan that includes disaster recovery, emergency operation, frequent data backups, and test restorations
- Understanding ransomware, how it works, and knowing how to spot the signs
- Implementing security incident responses and mitigating the consequences of ransomware