For a tantalising moment it felt as if the ransomware attack on Lincolnshire Council might go down in history as one of the most serious cyberattacks ever recorded in the UK. Initially the sum demanded was reported as being an extraordinary £1 million ($1.5 million), which would have made the incident by some distance the largest ransom ever publicly disclosed anywhere in the world since this type of attack appeared a decade ago.
As experts wondered what was going on, it later transpired that the ransom was in fact a more ordinary $500 (£350), which the Council stated it wouldn't pay. The difference between the two sums isn't simply a matter of money. Attackers confident enough to ask for the huge sum of £1 million would imply a targeted attack, which is usually severe enough to cause serious disruption. A demand for only $500 is more like a standard ransomware attack executing from a single machine, with self-limiting consequences.
From the Council's point of view, the difference probably sounds like splitting hairs. Its systems were taken down for a week and staff found themselves checking a reported 458 servers and at least 70TB of data to make sure the infection hadn't spread beyond wherever it entered the network. As with everyday ransomware attacks, a member of staff opened a booby-trapped email that wasn't filtered by the Council's security systems and set off an infection that probably caught thousands of files on hard drives and possibly network shares accessible from that system.
The Council later blustered about the malware using a "zero-day" attack, which sounds highly unlikely. It is probable that a recent but unpatched flaw in software was to blame. Regardless, the attack's disturbing quality was its simplicity and predictability for attackers who see ransom demands to return (or not) encrypted files as a percentages game. Most victims won't pay but the small fraction who do make it worth the bother.
A January 2015 survey of Cloud Security Alliance (CSA) members by Skyhigh Networks found that a quarter were willing to pay ransoms if that would prevent a cyberattack, with a surprising 14 percent claiming they would pay ransoms as high as $1 million. The survey only covered slightly over 200 people across the globe, so its conclusions don't transfer to UK businesses with any degree of certainty. What it underlines is that ransom attacks have become common enough that some business leaders might be rationalising them as just another cost of business. It's the shift in psychology that's important here, not how many organisations are actually stumping up cash.
An Online Trust Alliance (OTA) report, also from January, estimated that ransomware has now become almost the standard way of targeting businesses, almost always with some degree of targeting.