WorldWide Drilling Resource

37 OCTOBER 2021 Drilling Into Money Not Boring by Mark E. Battersby Paying the Piper ~ Ethical vs. Necessity Ransomware has long been thought of as an economic nuisance, but the recent proliferation of well-publicized cyberat- tacks has revealed ransomware as a serious national securit y threat. Still, largely hidden from public view, however, are th e attacks on small businesses, including many drilling opera - tions and businesses that don’t make the headlines. Ransomware is a type of malicious software, or malware, that prevents a business from accessing its computer files , systems, or networks and demands payment of a ransom for thei r return. Ransomware can unknowingly be downloaded onto a computer by opening an e-mail attachment, clicking an ad, fol - lowing a link, or even visiting a website that's embedded wit h malware. Obviously, the best way to avoid being exposed t o ransomware, or any type of malware, requires caution whenev- er the drilling operation’s computers are used. While it is frightening to think nothing can be done when faced with a cyberattack, being prepared for the potential los t revenue/income during downtime is as important as preemp - tively assessing what cybersecurity measures are already i n place. Ransom payments vary depending on the ransomware variant and the price or exchange rates of digital currencies . The anonymity offered by cryptocurrencies makes this th e ideal payment vehicle. Alternative payment options frequently employed include iTunes and Amazon gift cards. It is virtually impossible to completely eliminate the risk of a ransomware attack since preparedness only goes so far. Fortunately, a business that pays ransomware may be entitled to claim a tax deduction on their federal tax returns. Without business interruption insurance, an operation could not make up any income lost due to the disaster - the ran- somware attack. What’s more, to protect against cyber risks, many businesses are adding cyber or cyber liability coverage to their business insurance policies. So-called “data breach insurance” helps a business respond to breaches and usually offers sufficient protection for most small businesses. Cyber liability insurance, on the other hand, is typically used by larger businesses and offers more cover- age to help prepare for, respond, and recover from cyberattacks. Unfortunately, paying the ransom does not guarantee users will get the decryption key or unlock code needed to regain access to the infected computer system or files being held hostage. Bottom-line, is whether paying the ransom, in essence helping them proliferate and grow increasingly more sophisticated, outweighs paying ransom for the promise of restored computer systems and unlocked data, the most cost-effective strategy? Mark Mark E. Battersby may be contacted via e-mail to