June 12, 2019

Radiohead are releasing 18 hours of unreleased music after cybercriminals gained access to a hard drive and demanded a ransom.

The tunes were stolen from singer Thom Yorke’s minidisk archive of material from sessions leading up to the band’s 1997 breakthrough album OK Computer, the band said.

Attackers told the band to pay £118,000 or see the songs dumped onto a P2P file sharing network for anyone to download.

Radiohead said no – pre-emptively releasing the tracks instead, and asking for any proceeds from their sale to go to environmental campaign group Extinction Rebellion.

While it wasn’t a ransomware hack per se, the structure and approach were essentially the same: ‘We have your hugely valuable and important files – pay up if you want them back.’

But instead of panicking and submitting to blackmail, Radiohead’s response was to have a Plan B, saving the band from making a significant payout while generating some positive PR.

In music biz terms they minimised the cost of remediation while sustaining normal operations.

Resistance isn’t futile

Should every business do a Radiohead if ransomware strikes their systems? Opinion in the cybersecurity community is somewhat mixed.

Some say if the ransom demand isn’t off the scale, handing over the cash and making the problem go away quickly can make sense.

But a 2018 study from CyberEdge showed that fewer than 20 per cent of organisations that paid to have their files decrypted actually got them back.

Many ransomware players also demand payment in cryptocurrency to better hide their tracks. Depending on the virtual coin, companies that do give in often find themselves facing sudden swings in asset value – raising the cost again.

Despite the risk, a lot of organisations opt to pay up.

A survey by AppRiver shows that more than half (55 per cent) would be willing to pay the ransom to recover their locked data.

SMBs at the larger end of the spectrum would be even more likely to pay, with 74% saying yes and 39% saying they would pay at almost any price.

An NTT Security survey of 1800 CSOs and CISOs at global multinationals found that more than a third of those companies would do the same.

It’s testament to how reliant modern business models are on data.

  • Three quarters of survey respondents in the AppRiver study said a successful attack would hurt revenues and risk customer relationships.
  • Fewer than 36% thought they could weather a successful ransomware infection without significant losses.

Cybercriminals know this and they’ve redoubled their efforts. Ransomware attacks are up by 500 per cent – because they work.

The WannaCry and NotPetya viruses unleashed in 2017/2018 infected computers in 150 countries and caused damages in the billions.

The cybercriminals responsible made off with at least £150,000 – a tiny sum compared to the total damage caused, but still, worth getting out of bed for.

Just enough businesses were frightened by the threat to make the blackmail profitable.

Until ransomware attacks start to meet persistent, stubborn resistance, cybercriminals will continue to chance their arm.

Our take: Be prepared, and just say no

Mid-sized organisations have smaller cybersecurity budgets, so you can’t blame them for feeling vulnerable to blackmail, but the truth is that organisations of all sizes have the power to resist.

Some of that power lies in preparedness, but even more of it rests with people.

Follow Radiohead’s lead and have a viable plan B: an effective, tested, at-the-ready response for the day that a ‘HA HA YOUR FILES HAVE BEEN ENCRYPTED’ pop-up hijacks your PC screen.

If you want to avoid having to make the decision between paying ransom or losing access to essential data, follow these steps:

  1. We can’t say it often enough: update operating systems and software as soon as security patches arrive. The NHS trusts hit by WannaCry last year hadn’t applied the security patch that Microsoft had already distributed for the bug.
  2. Regular system backups are crucial. They should be held on separate systems, or on physical media disconnected from the network. Cleaning up infected hardware and re-populating information across systems will still take time, but you’ll know that you can continue operating with minimum disruption if a catastrophic infection occurs.
  3. Next you need a step-by-step plan for business continuity and recovery. This includes having backups ready and testing them to ensure they work, having a manual or secondary process for continuing any impacted services in the short term, knowing who to turn to if you need recovery services, and running simulations to identify any weaknesses in the plan.
  4. Understand that many if not most malware infections find their way into systems off the back of a phishing campaign. Training employees to spot a phishing attack can be one of the most effective ways to keep ransomware out and data safe.

Cybersecurity is about more than technology; it’s also about people, and strengthening the people side of the cyber equation means building a culture of security awareness. If you raise visibility across the organisation of the security risks that can lead to ransomware infection, you raise the bar for attackers.

It’s harder to breach an organisation when its people are clear on company security policies, and employees have been empowered with the knowledge they need to spot an attack.

An effective security awareness training program is one of the best ways to ensure that everyone in the organisation has an appropriate level of know-how about security – and takes on a level of personal responsibility.

For some businesses, simply paying the ransom and hoping to restore operations quickly could look like the easy way out. But will you get your data back?

Best to have Plan B ready.

Want to learn more about empowering employees with security awareness training? Sign up for a free demo and find out how we’re already helping organisations just like yours.
