Ransomware Extortion: A Question of TimeAttackers Target Time-Sensitive Records, Says Verizon's Mark Rasch
Ransomware attackers increasingly target organizations that might be able to recover from crypto-locking malware infections, but which might not be able to do so in a timely manner, says attorney Mark Rasch, security evangelist at Verizon Enterprise Solutions, in this video interview.
See Also: Attivo Deception MITRE Shield Mapping
"We're finding that institutions that have time-sensitive records, like hospitals and banks that need to get access immediately, are increasingly being the targets for ransomware," he says. "Not because they can't restore the data, but they can't restore it in time, and therefore, they're much more willing and able to pay the ransom, and so they're being targeted."
Recovery time is just one of many factors that organizations must assess when creating and updating their incident response plans, especially when it comes to combating ransomware outbreaks.
Rasch says that as part of their ransomware risk assessments, organizations must also review their cyber insurance policies to determine how and if they will cover ransomware-related incidents.
"It's not enough to have your risk people, your insurance people, your lawyers, looking at the insurance policy," Rasch says. Have your technical people look at it, because they know what happens in an incident." For example, a policy might safeguard organizations against destruction of data. But if attacker-encrypted data is still being stored on an organization's systems, an insurer may well argue that it hasn't been destroyed and refuse to cover any related claims, he warns.
In this video interview at Information Security Media Group's recent New York Fraud and Breach Prevention Summit, Rasch discusses:
- Why disaster recovery and resiliency plans must focus on backing up data, not programs or executable files;
- Potentially maintaining a bitcoin account to facilitate rapid ransom payments;
- How paying ransoms can violate laws and leave organizations ineligible for cyber insurance claims.
Before serving as Verizon's security evangelist, Rasch was chief privacy and data security officer for systems integrator SAIC, director of cybersecurity and privacy consulting for IT firm CSC and a principal at Secure IT Experts, among other roles. He has lectured on electronic crime and evidence at the FBI Academy and the Federal Law Enforcement Training Center, taught evidence law at the Catholic University School of Law, and lectured on white collar and computer crime at the American University School of Law. Rasch also created the Computer Crime Unit at the U.S. Department of Justice.