Ransomware cash demands set to rise in 2017

3 Jan 2017


The silence of organisations that have been victims of ransomware attacks will lead to amounts demanded by hackers increasing substantially in 2017.

Ransomware attacks usually occur because an employee in an organisation succumbs to a phishing attack.

What follows is the encryption of a firm’s core systems, with a demand for cash in return for getting its data back.


However, Pat Larkin, CEO of Ward Solutions, has warned that firms’ silence about their experiences is only going to make criminals even bolder.

Firms don’t reveal they have been victims because they fear adverse PR or regulatory fines.

Knowing this, hackers are escalating their threats, which now include disclosing the breach to the Data Protection Commission.

“Ransom prices could increase significantly for the price of their silence,” Larkin warned.

Breach fatigue among the public


He said that “breach fatigue” among the public will also see stiffer penalties for firms, as people want to see them held more accountable for data management.

“The general public are increasingly growing tired of being told that their personal data may or may not have leaked into the wrong hands. This fatigue offers huge opportunities for cyber-criminals as consumers drop their guard.

“It also places an increased responsibility on organisations to secure and protect all of the customer and third-party data that they collect and handle.”

Ward also believes that most Irish organisations do not yet realise the scale of the challenge to become compliant with the impending General Data Protection Regulation (GDPR) legislation, which is due to come into force in May 2018.

“GDPR compliance is set to be the central topic for discussion in information security in 2017,” Larkin said.

“Organisations that act now to become compliant can get ahead of the crowd and begin 2018 safe in the knowledge that they will not be liable for fines of up to 4pc of annual global turnover, or €20m, depending on which is greater.

“Many Irish organisations have grossly underestimated the workload required to become compliant by the time the legislation comes into force in May 2018. When they finally realise the scale of the challenge, they will be forced to seek assistance from a limited pool of knowledgeable external resources, and achieving compliance in time will end up costing much more than they bargained for.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
