Anti-Malware , Risk Management , Technology

Ransomware Extortion: A Question of Time

Attackers Target Time-Sensitive Records, Says Verizon's Mark Rasch

Ransomware attackers increasingly target organizations that might be able to recover from crypto-locking malware infections, but which might not be able to do so in a timely manner, says attorney Mark Rasch, security evangelist at Verizon Enterprise Solutions, in this video interview.

See Also: Ransomware: The Look at Future Trends

"We're finding that institutions that have time-sensitive records, like hospitals and banks that need to get access immediately, are increasingly being the targets for ransomware," he says. "Not because they can't restore the data, but they can't restore it in time, and therefore, they're much more willing and able to pay the ransom, and so they're being targeted."

Recovery time is just one of many factors that organizations must assess when creating and updating their incident response plans, especially when it comes to combating ransomware outbreaks.

Rasch says that as part of their ransomware risk assessments, organizations must also review their cyber insurance policies to determine how and if they will cover ransomware-related incidents.

"It's not enough to have your risk people, your insurance people, your lawyers, looking at the insurance policy," Rasch says. Have your technical people look at it, because they know what happens in an incident." For example, a policy might safeguard organizations against destruction of data. But if attacker-encrypted data is still being stored on an organization's systems, an insurer may well argue that it hasn't been destroyed and refuse to cover any related claims, he warns.

In this video interview at Information Security Media Group's recent New York Fraud and Breach Prevention Summit, Rasch discusses:

  • Why disaster recovery and resiliency plans must focus on backing up data, not programs or executable files;
  • Potentially maintaining a bitcoin account to facilitate rapid ransom payments;
  • How paying ransoms can violate laws and leave organizations ineligible for cyber insurance claims.

Before serving as Verizon's security evangelist, Rasch was chief privacy and data security officer for systems integrator SAIC, director of cybersecurity and privacy consulting for IT firm CSC and a principal at Secure IT Experts, among other roles. He has lectured on electronic crime and evidence at the FBI Academy and the Federal Law Enforcement Training Center, taught evidence law at the Catholic University School of Law, and lectured on white collar and computer crime at the American University School of Law. Rasch also created the Computer Crime Unit at the U.S. Department of Justice.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network