Ransomware has continued to grow as one of the most commonly employed types of cyber attacks. More and more organizations are becoming the victims of encrypted files and extortion. The amount demanded by ransomware can vary quite widely, but one of the most frequent questions an organization asks when hit by ransomware is: should we pay?
The answer to this question varies depending on who is asked. Many law enforcement agencies will promote paying the ransom, since it is sometimes the only way to get your data back. Some even tell organizations to keep a bitcoin wallet prepared at all times to be able to make swift payment in the event of an attack. The reasoning for encouraging businesses to pay is often that ransomware can have a very short deadline. Typically, ransomware sets a deadline for the payment before some consequence, such as the deletion of the captured data. The time frame could be hours, or it could be a week.
Many security experts instantly answer the question with a solid “no,” but this can be easy to say when your critical data is not on the line. There are some important stipulations when it comes to not paying ransomware. One of the major factors is whether an organization has a backup of the information. If an organization has a proper backup, it can clear the system, including the malware, and then restore the information from the backup. Maintaining a proper backup is one of the best things an organization can do, as ransomware is not the only threat to data. Various other strains of malware or hardware failures could also lead to the loss of data. Backups should be taken regularly, and they should also be encrypted and kept separate from the general network.
Handling a Ransomware Attack
There are many steps that need to be taken in the event of a ransomware infection. One of the initial steps is to disconnect the device from the network as soon as the ransomware display pops up. There is always the potential that the infection could spread to other systems, so disconnecting it rapidly is critical. Then, there is a series of people and divisions that should be informed, including the legal department, human resources, public relations, IT, and executives. The FBI should be informed as well, though some organizations hesitate on this because they may have to turn over the investigation or have devices seized as evidence.
There are several different methods that an organization can employ to help prevent ransomware as well, including:
- Education – Inform employees and executives of the organization about the dangers of ransomware, as well as its potential attack vectors such as email. This can help to lower the chances of scams being successful with employees.
- Security Patches – Always update anti-virus and other security software regularly to ensure that any vulnerabilities are patched.
- Limit Admin Accounts – Only those with absolute necessity should have access to administrative accounts. Limit these thoroughly to ensure that no one who does not require access has it.
Practicing Proper Threat Mitigation
The number of threats and attackers across the cyberscape continues to increase every single day. It is important that an organization take the appropriate steps to protect itself from these threats and attackers. A single breach, if extremely detrimental, can cause an organization to fail. Threat mitigation is a critical element of any organization’s establishment these days, since cyber attacks have become commonplace. Massive Alliance offers a wide array of cyber security services to help promote an organization’s threat mitigation.