Beyond the increasingly unrelenting ransom demands, the means used to penetrate information systems are also becoming more sophisticated. For instance, hackers tried to bribe a Tesla employee with $1million to introduce malware into the company's computer network. With funds amassed from previous attacks, cybercriminals can increase their assault capabilities and access financial resources usually only available to groups with ties to a State.
These last examples illustrate the importance of attack profitability for cybercriminals. One of the reasons why ransomware is the frontrunner in cyberattacks is that, even today, many companies pay to get a decryption key - if one exists. This encourages cybercriminals to persevere.
Still it should be said that paying the ransom will not resolve the crisis swiftly. Indeed, even if the cybercriminals keep their promise and deliver a functional data decryption tool, it will need to be applied to the entire information system, which will then have to be secured to avoid a new intrusion (by the same culprits or others). Only after this could one progressively restart all services and ensure their proper functioning. As for stolen data, there is no way to ensure that it has actually been deleted. Measures will need to be taken to warn affected customers, entities or employees. Field observations show that the impact and duration of the crisis are almost identical for companies that have paid a ransom and for those that have not. Lastly, ransom payments can lead to legal problems, especially following the latest decisions by the United States to make some of these payments illegal.
A series of crises for companies
Given cybercriminal practices and the number of attacks, losses related to cyberattacks are piling up and represent major risks for companies - as seen in the recent attacks on Altran and Sopra Steria. The companies reported losing €20 million and €50 million respectively. In 2017, Saint-Gobain announced a €250 million loss following the attack it suffered.