Companies must think twice before paying ransom demands to hackers, according to the Global CISO at Check Point Software.
Deryck Mitchelson commented after it was revealed that the Qilin cyber gang had demanded a $50 million ransom from the NHS after targeting health service laboratory partner Synnovis.
The attack, first detected on 3 June, affected several NHS trusts, most prominently Guy’s and St Thomas’ NHS Foundation Trust (including the Royal Brompton and Evelina hospitals) and King’s College NHS Foundation Trust, but also the South London and Maudsley NHS Foundation Trust and Oxleas NHS Foundation Trust, along with GP surgeries, clinics and services in Bexley, Bromley, Greenwich, Lambeth, Lewisham and Southwark, all of which rely on Synnovis services.
Mitchelson said there was no denying that the Qilin ransomware incident has had a huge knock-on effect on the daily running of NHS hospitals in the South East of England. These attacks always feel pretty personal and continue to raise questions about why criminal gangs repeatedly target public services.
“While details about the data being held are still unclear, the group’s demand for $50 million suggests it is serious. The size of the ransom is based on the scale of disruption and acts as the carrot being dangled to restore services quickly. Although paying it might seem like the easier way out, there are hidden costs to settling. Simply put, there is no guarantee that the data will be restored or trustworthy, and it might still be exposed after payment,” Mitchelson said.
“Unfortunately, paying ransoms will not protect organisations from future attacks or prevent the reputational costs they might be left with. So, it is essential that the organisation is clear on the type of data that has been stolen so that they know the scale of the breach and can plan the right route to recovery.”