A strategy to win the ransomware war

Our leaders on Capitol Hill, the national media (“60 Minutes” on Sunday), and the world are finally starting to recognize that ransomware is a massive national security risk.

Why it took years to get to this point? No idea.

I guess when you take away our meat and fuel (everyone in gas-crazy Florida knows about Colonial), Americans start paying attention; not just paying attention, but creating a Justice Department Ransomware Task Force.

On our podcast last week, my exact words were: “Follow what President (Ronald) Reagan did with terrorists, and do not negotiate or pay ransoms to them — ever.”

If you read my columns over the past 10 years, one in four is about cybercrime and usually, ransomware is in the mix.

What’s new with these threats, besides making an appearance on 60 Minutes and being discussed by the White House?

What’s new is that people keep paying the ransom; more hacking groups are getting in the mix because it is extremely lucrative.

We have seen the payouts and we have to stop paying them, CNA Insurance paid out $40 million and Colonial $5 million. Even if you bribe to pay to your host government, those are some steep margins for setting up some email blasts loaded with malware.

Hackers are getting more creative/devious with these attacks; not only do the latest strains encrypt your data, but they also steal it.

Essentially, there’s double extortion going on: First you pay to get the encryption keys back to unlock your data. If you have rock-solid data backups and wipe and reload your systems so you don’t have to pay to get the keys. But if you have private and sensitive info, you might be tempted to pay to stop the release of the data where it might end up for sale on the dark web.

Granted, there is no guarantee that the criminals will give you encryption codes nor any assurances that they will not release your stolen info regardless, especially if you have valuable data, like Social Security numbers, state secrets, credit card numbers, etc.

By the numbers, a report from Cybersecurity Ventures says ransomware damages would cost the world $5 Billion USD in 2017, up from $325 million in 2016 and rocketing to $20 billion in 2021. That’s approx. 57…