When I think about the way our lives have changed over the last 20 years, it’s staggering. We’ve gone from barely using computers to relying on them for almost everything: our jobs, our taxes, our communications, our banking. With all of that convenience comes a darker reality. Cybercrime has grown just as fast, and it’s always trying to find a way in.
Cyber threats cover a wide range of dangers. On one end, it might be a phishing email designed to steal your credit card or Social Security number. On the other, it could be a ransomware attack that cripples a business or even shuts down a hospital.
Where ransomware attacks come from
Many ransomware operations against the U.S. are executed in countries like Russia, where extradition to the United States to face justice isn’t an option. That said, the problem often begins closer to home. Someone in the U.S., or in Canada, or even Australia might gain access to a domestic system and then sell that access to the criminal gangs who carry out the attacks. It’s a marketplace for stolen access. The FBI prosecutes thousands of Americans every year for playing this role in the chain.
These gangs are highly organized. They research victims, look at insurance policies and bank balances, and decide what ransom to demand. Russia may be the largest single source of ransomware, but the ecosystem is global.
Can you trust a criminal?
A common question I get is: if you pay the ransom, can you trust the attacker to give you back the promised data and then leave you alone forever? Statistics say that in about 94 percent of cases, the victim's data is restored. But it’s difficult to be sure if the attack truly stops there.
When I talk to businesses, I often say that getting hit with ransomware is like getting seven years of bad luck. Even if the attackers return your data, they’ve stolen contracts, invoices, and customer information. They may use that data to attack your customers and partners. Imagine receiving a fake invoice from a company you regularly do business with—it looks trustworthy, so you pay it, and the attackers are in. That’s how the damage spreads.
And then there’s the ethical side. Paying ransom funds organized crime. Whenever possible, I encourage businesses not to pay.
The impossible decision: To pay or not to pay
Whether you end up paying often comes down to resilience. Do you have strong backups? Can you recover on your own? What’s your reputation risk?
The UK’s National Health Service has been hit multiple times and has never paid. But their situation is unique: They’re the only healthcare provider in the country. Their patients can’t simply switch. For private businesses, the calculation is different. We saw with Colonial Pipeline and MGM that when critical data and backups are destroyed, the companies are essentially backed into a corner and forced to pay. Even then, recovery costs can run into the hundreds of millions.
Practical advice for individuals
For individuals, the most effective defense is simple: stop clicking on things you don’t trust. If you get an email from someone you don’t recognize, don’t open it. If you get a request—even from a friend or colleague—that feels out of place, pick up the phone and confirm. A moment of caution can save you from a world of trouble.
The best defense against cybercrime is prevention. Once you’re hit, the choices are ugly and expensive. At ThreatLocker, we spend every day helping businesses reduce their risks and protect themselves against these threats.
If you want to learn more, visit threatlocker.com. We’ve put together practical resources and training for IT professionals and businesses, and we regularly host online and in-person events to share strategies for staying safe in a dangerous digital world.