Ransomware – a blessing or a curse?
“We’ll see,” said the Zen master.
I’m no Zen master, but history may thank the authors of Ransomware someday.
Consider it a noisy wake-up call. People notice it because ransomware isn’t subtle at all – you get a very clear pop-up on your screen:
We’ve encrypted your files! Three bitcoins please.
If you’re unable to detect attacks carried out by Captain Obvious, guess what else you won’t detect?
Insiders that turn malicious. Administrators that abuse their access. Attackers that steal your trade secrets and intellectual property – maybe over the course of months or years.
These are full-on tsunami’s that make ransomware look like a rainy day.
And it’s not just lack of detection that should scare you. When you got hit, were any of these questions tough to answer?
- Which users were infected?
- What else got encrypted?
- When did it start?
- Is it over?
- Are we sure?
If you can’t answer these questions easily, you’ll never know what that employee took before they resigned and went to your competitor. You won’t know what the disgruntled admin decided to delete when they were downsized. You probably don’t know anything that’s happening on the majority of your file systems. That’s right. This should be a wake-up call.
Having your files encrypted by ransomware is terrible, but it’s probably better to be the company that got scared into implementing some internal controls by cryptolocker than the one who didn’t bother – and then went out of business because all its customer data ended up in paste-bin.