November 2023 by Jim Doggett, CISO, Semperis
While shocking to many, the reports that BlackCat tattled on one of their victims to the SEC isn’t surprising in the ever-evolving ransomware economy. Some will argue that BlackCat’s move is opportunistic at best and they are motivated only by greed to force quicker payments by victims. Others will say that this aggressive move could leave the group in the crosshairs of U.S. law enforcement agencies. At the end of the day, the ransomware gangs are criminal organisations, and their only motive is profits. Drawing unneeded attention to themselves isn’t wise if they are looking to keep the gravy train of profitability running.
Overall, it doesn’t pay-to-pay a ransom unless in a life-and-death situation. In fact, many companies that pay fall victim a second and third time. In 2021, a family in Mobile, Alabama sued a hospital claiming they failed to notify them about a ransomware attack that took medical equipment offline and disrupted services. Tragically, a baby died and the family claimed in its lawsuit the death was the result of medical equipment being offline due to the ransomware attack.
When ransomware attacks make headlines, it is important to remind victims that there is light at the end of tunnel. Make no mistake, ransomware attacks can cripple some organisations. But defenders can gain the upper hand leaving ransomware operators searching for softer targets to hit. Organisations need to know what their critical systems are (including infrastructure such as Active Directory) before attacks occur and build resiliency into them. Prepare for the inevitable because 90 percent of organisations have experienced at least one ransomware attack in the last two years. By preparing in advance, defenders can make their organisations so difficult to compromise that hackers will look for softer targets.