A recent poll of 250 security professionals in the U.S. found that most – but not all – respondents would refuse to negotiate with cybercriminals in an attempt to recover stolen or encrypted data.
While 70 percent of professionals said they wouldn't pay cyber extortionists, the remaining 30 percent admitted they would. ThreatTrack Security, a firm that helps organizations identify and mitigate advanced persistent threats (APTs) and targeted, sophisticated malware attacks, commissioned the survey, which was conducted by Opinion Matters and published Tuesday.
The study, which polled security practitioners from mid-market enterprises (organizations with 500 to 2,500 employees), also found that “respondents in organizations already targeted by such schemes (38 percent of all respondents) are far more willing to play ball.”
Among respondents already targeted, 43 percent said that their companies should set aside funds for negotiating with cybercriminals who steal, encrypt or threaten to sell their data, the report said. Respondents at larger companies (2,000 or more employees) were more open to making deals with cybercriminals to retrieve data, however.
“The sentiment against negotiating with cyber extortionists was stronger at smaller companies,” where, according to 78 percent of respondents, they wouldn't negotiate, the report said. “Respondents at companies with 2,000 to 2,500 employees took a softer stance” – only 42 percent said they would negotiate.
Of note, organizations in industries that were heavily targeted by cybercriminals, such as the healthcare and financial services sectors, were more resolute in their decision not to bargain with attackers.
“Currently, however, there is strong opposition, which grows stronger within industries most often targeted by cybercriminals – healthcare and financial services,” the study revealed, noting that 92 percent of those surveyed in healthcare and 80 percent in the financial services sector “said they wouldn't negotiate.”
Increasingly, cybercriminals have leveraged ransomware for cyber extortion – encrypting victims' computer files and demanding payment to unlock the data – but attackers sometimes use other tactics, such as distributed denial-of-service (DDoS) attacks, to pressure their targets.
Last June, for instance, code hosting service Code Spaces was forced to shut down after it suffered a DDoS attack, and eventually had most of its sensitive data, including backups and code repositories, deleted by attackers. The hackers requested a “large fee” from the company to resolve the issue, and when Code Spaces took steps to mitigate the attacks, hackers executed their plan to sabotage the company.
In the ThreatTrack survey, respondents who had previously been targeted by extortion attempts also provided their perspectives on cybersecurity insurance and government intervention as possible ways to alleviate the impact of such scams.
Seventy-four percent of cyber extortion victims said that firms offering cybersecurity insurance should provide third parties to “negotiate with cybercriminals” on behalf of targeted companies. Among respondents at targeted companies, 54 percent also agreed that, in the wake of such attacks, the government should be notified immediately and granted full access to the corporate network to investigate.