When ransomware hits your business and you watch helplessly as your data begins to encrypt, you may feel the urge to cough up and pay the ransom.
This practice isn’t uncommon, as Kaspersky reported earlier this year. However, the same report found that of the 56 percent of ransomware victims who pay, 17 percent never saw their data again.
Not getting your data back after you’ve paid the ransom is a very real risk but, according to Nclose co-founder Stephen Osler, there are other risks that may not become immediately apparent when bowing to the will of cybercriminals.
“If you pay, the hackers will look at other companies in your sector and simply replicate their success story with someone else,” explains Osler. “And they may come back to you for more. Payment is a risk; non-payment is a risk. Either way, you’ve been hacked and you need to have plans in place to protect your business and your information.”
The National Cyber Security Centre relayed a story earlier this year about an unidentified company that was breached and then did nothing to identify how the breach and ransomware were delivered. Despite the company having paid the ransom and got its data back, the crims returned two weeks later and attacked again.
“The threat actors and the methods they use are increasingly sophisticated and complex, taking advantage of even the slightest gap in a company’s defences. Many attacks are extremely malicious, and some are driven by intentions other than just money or data. But, and this is really important, don’t panic and don’t pay the ransom,” adds Osler.
So what should you do in the event of a ransomware attack?
Well for one, your business should have a disaster recovery and business continuity plan in place.
Before those processes are even put into motion, however, it’s important to triage the situation. Chief information security officers should assess how serious the compromise may be and what the best route to recovery is.
During this process it’s important to contain the breach as quickly as possible. Ransomware such as WannaCry was self-replicating and could take down entire networks in a few hours.
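As an added illustration of what containing a breach quickly can look like in practice (this is example code added here, not code from the article, Kaspersky, the NCSC or Nclose): a small detector that scans file-rename audit events and flags any host that appends a new suffix to many files within a short window, which is a typical sign of encryption in progress and a reasonable trigger for isolating that host from the network while the investigation continues. The log format, host names, paths, window and threshold are all constructed assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical audit format (made up for this
# example, not real logs):
#   "<ISO-8601 timestamp> <host> RENAME <old_path> -> <new_path>"
SAMPLE_EVENTS = """\
2024-03-01T09:00:00 ws-12 RENAME /share/finance/q1.xlsx -> /share/finance/q1.xlsx.locked
2024-03-01T09:00:01 ws-12 RENAME /share/finance/q2.xlsx -> /share/finance/q2.xlsx.locked
2024-03-01T09:00:01 ws-12 RENAME /share/finance/budget.docx -> /share/finance/budget.docx.locked
2024-03-01T09:00:02 ws-12 RENAME /share/hr/policy.pdf -> /share/hr/policy.pdf.locked
2024-03-01T09:00:02 ws-12 RENAME /share/hr/contracts.zip -> /share/hr/contracts.zip.locked
2024-03-01T09:00:03 ws-12 RENAME /share/hr/onboarding.pptx -> /share/hr/onboarding.pptx.locked
2024-03-01T09:05:00 ws-07 RENAME /home/bob/draft.docx -> /home/bob/report.docx
2024-03-01T09:15:00 ws-07 RENAME /home/bob/old.txt -> /home/bob/notes.txt
"""

EVENT_RE = re.compile(r"^(\S+) (\S+) RENAME (\S+) -> (\S+)$")


def parse_events(text):
    """Parse audit lines into (timestamp, host, old_path, new_path) tuples.
    Lines that do not match the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ts, host, old, new = m.groups()
        events.append((datetime.fromisoformat(ts), host, old, new))
    return events


def suffix_appended(old, new):
    """True when the new path is the old path plus an extra extension,
    e.g. report.docx -> report.docx.locked (an ordinary rename is not)."""
    return new.startswith(old + ".") and len(new) > len(old) + 1


def detect_mass_rename(events, window=timedelta(seconds=60), threshold=5):
    """Return {host: (count, first_seen)} for every host that appended a
    suffix to at least `threshold` files inside any `window`-long period.
    The sliding window per host is a deque of timestamps."""
    per_host = defaultdict(deque)
    alerts = {}
    for ts, host, old, new in sorted(events):
        if not suffix_appended(old, new):
            continue
        recent = per_host[host]
        recent.append(ts)
        # Drop timestamps that have fallen out of the window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold and host not in alerts:
            alerts[host] = (len(recent), recent[0])
    return alerts


if __name__ == "__main__":
    # In a real deployment the action here would be a network-isolation call
    # (EDR quarantine, switch-port shutdown, etc.), which is site specific.
    for host, (count, first) in detect_mass_rename(parse_events(SAMPLE_EVENTS)).items():
        print(f"isolate {host}: {count} files re-suffixed since {first.isoformat()}")
```

On the constructed sample, ws-12 trips the threshold after its fifth re-suffixed file within a few seconds, while ws-07’s ordinary renames are ignored. The threshold and window should be tuned against a site’s normal file activity before the alert is wired to an automatic isolation step.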
“It’s absolutely critical to identify how this got into the organisation and the level of access that the hackers have. Even if you switch everything off and rebuild everything from scratch, you still need to know how they got in so you don’t add that vulnerability straight back into the business. Find patient zero,” the Nclose co-founder advises.
Ransomware is highly lucrative for cybercriminals, and the best way to guard yourself and your business is to ensure that you have plans and processes in place to deal with ransomware when it hits.
Don’t pay the ransom; you may end up hurting yourself and others more than you realise.