Ransomware is malicious software that encrypts files and requires a key to decrypt the files. To get the files decrypted, the company or organization must typically pay the hackers a large fee, often in Bitcoin or another cryptocurrency. It is important to note that cryptocurrency payments are one-way transactions that are impossible to trace. There is risk, too. If the hackers do not provide the organization with the decryption key after payment, there is no refund.
Hackers in recent years have targeted businesses such as hospitals for ransomware attacks, as well as cities and towns, large and small. Black hat hackers encrypted the city of Baltimore’s systems, as well as two smaller cities in Florida.
Read these brief articles from the UMGC library to learn about the ransomware incidents:
Chokshi, N. (2019, May 23).Attacked With Ransomware, Baltimore Isn't Giving In.New York Times, p. B6(L).
Mazzei, P. (2019, June 28).Another City in Florida Pays a Ransom to Computer Hackers.New York Times,p. A17(L).
If the organization does not pay the ransom, it would need to either use backups to restore to an earlier network or system state, or to rebuild its systems and data. In the case of the Baltimore city government, its backup systems were also encrypted, so the city was unable to process real estate transactions.
Depending on the complexity of the environment and the amount of data encrypted, this could cost the organization more than the ransom, perhaps even 10 to 20 times the amount.
- What would you do if you were the cybersecurity analyst that had to advise the city of Baltimore and/or the smaller cities?
- Would you pay the ransom? Consider both sides of the argument by conducting internet research to understand the different viewpoints. When you are ready, explain why you would or would not pay the ransom.
- If you agree to pay the ransom, what are you going to tell the CEO if the hackers don’t end up providing the decryption key to unlock the files or come back and ask for even more money?
- If you don’t agree to pay the ransom, what are you going to tell the CEO, especially if the costs to restore far exceed the ransom?
- Are there ethical considerations? If your organization pays, will other organizations be vulnerable to similar attacks on their systems?
- Would you have a different decision if you were working for a small organization like Mercury USA?