Ransomware Terrorism: Should We Be Worried?
By Marcus Chung, CEO, BoldCloud.
The threat of ransomware being used as a highly effective form of cyber terrorism has been receiving a lot of media attention lately. The story line stems from a recent Lloyds of London report that boldly states a large-scale ransomware attack could cost the global economy $193 billion and impact more than 600,000 businesses worldwide.
The report further speculates that if coordinated and executed properly, a global attack like WannaCry could cause even more severe damage and cost companies significantly more when you factor in all the business disruption and recovery related costs that would follow in the wake of a wide-scale attack.
With doomsday projections like these, it’s easy for people to become numb to the associated cyber security risks. Yet security professionals must always remain objective when assessing the scope of a threat versus the cost of implementing security measures to arrive at a risk-based recommendation.
What is ransomware terrorism?
Terrorism is broadly defined as the use or threat of violence that aims to spread fear in a population, and to advance a political, ideological or religious cause. Ransomware can be used in this context to disrupt the life of individuals and organizations, which depend on the smooth functioning of information technology to maintain operations.
While historically, the main goal of ransomware has been to extract, or extort, money or other valuable consideration from the affected party. NotPetya made us aware that there is a lot more damage an attacker could do with access to an army of computers spread across the globe than just turning them into bricks.
To prevent or avoid the consequences of an attack of terrorism, the defenders must effectively repel every single attempt to perpetrate the crime. Ultimately, the attackers only need to overcome the defenses once in any given situation to prevail.
Exploring the potential impacts of ransomware terrorism
In the proposed scenarios created by the Cyber Risk Management (CyRiM) project and Cambridge Centre for Risk Studies (CCRS), put forth in the report called, “Bashe Attack: Global infection by contagious malware,” a ransomware terrorist attack could be launched through an infected email, which once opened would be forwarded to all stored contacts.
Then within 24 hours, the malware could encrypt all data on 30 million devices worldwide. In the worst case scenario of the event, even the backups would be erased—meaning companies of all sizes would be forced to pay a ransom to decrypt their data or replace their infected devices.
It is easy to conceive that a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, inaccessible data files, IT clean-up costs, ransom payments and supply chain disruption.
The moral of the story according to Lloyds is that all businesses should pay close attention to systemic risk across all lines of business, not just within the silo of cyber and businesses should buy insurance to help protect against such catastrophic scenarios.