Paying the ransom won't guarantee that the company will regain access to its data
Sydney-based media monitoring firm Isentia is investigating a possible cyber-attack that appears to have crippled its online portal, the company told the Australian Stock Exchange.
“Isentia is taking urgent steps to contain the incident and conduct a full investigation into what happened and how to avoid a repeat occurrence in the future,” CEO Ed Harrison said.
Isentia’s media services are used widely by clients in both the public and private sectors to monitor reportage on their organisations.
Early reports suggest the company was affected by a ransomware attack, a security breach in which perpetrators launch malicious software that would either deny access to a company’s proprietary system or encrypt its data to force the company to negotiate with the hackers.
“The cyber actor holds systems or data hostage until the ransom is paid,” said Kris Lovejoy, global cybersecurity leader for EY.
Read more: Securing the remote workforce – 5 new cyber threats
Should employers pay the ransom?
Negotiating with data thieves, however, won’t always guarantee that the organisation will regain access to its system or data.
In fact, researchers from security specialist Proofpoint estimate that only 70% of those who opted to pay the ransom regained access just after the first payment. One in five companies (22%) were still locked out of their system despite paying up.
Finding a solution requires a concerted effort from IT security experts, cyber insurers, law enforcers and the company’s legal team, Lovejoy advises.
“With the average ransomware attack lasting 12.1 days, there are real costs to having a company or city offline for days. If one were to accept facts published in popular media, it would appear that ransom payment is often the least costly option,” she said.
The US Federal Bureau of Investigation believes paying ransoms “emboldens criminals to target other organisations and provides an alluring and lucrative enterprise to other criminals”.
“However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees and customers,” the bureau said.
‘More innovative attacks’
Nearly a third of organisations in Australia and New Zealand, hit by a ransomware attack in the past two years, have ended up biting the bait, according to IDC’s ANZ Ransomware Survey.
But this might encourage data thieves to keep perpetrating even more sophisticated attacks, warns Tim Mackey, principal security strategist at Synopsys Software Integrity Group.
“Unfortunately, when payment occurs, those monies are then available to create yet more innovative attacks, and potentially fund other criminal activity,” Mackey told HRD.
Melbourne-based logistics company Toll Group, for example, suffered two ransomware attacks in a span of just three months.
Read more: COVID-19: Hackers are combatting another kind of viral threat
“For businesses seeking to restore operations quickly, payment of the ransom may seem like an acceptable solution. Unfortunately, as the Toll Group found earlier this year, implementing IT improvements following one attack doesn’t preclude another successful attack,” Mackey said.
“Defending against any type of malware requires a comprehensive plan that looks at human factors in addition to technologies. Importantly, the underlying threat models should take into account how an attacker might use the data they collect.”
Isentia is uncertain how long its portal will remain inaccessible, but the company has promised to inform clients of its impact immediately after the investigation, The Guardian reported.
“In the case of Isentia,” Mackey advised, “customers should look to change any credentials they’ve provided on the Isentia platform as well as to revoke any access tokens to media platforms Isentia was monitoring for them. Doing so could limit ongoing damage if Isentia customer data was exfiltrated during the attack.”