Ransomware, malicious software that holds your data hostage in exchange for money, is, in a word, terrifying. A bad actor infiltrates your system via a phishing email, for example, encrypts your files, and your business, now crippled, comes to a standstill. The cybercriminal then demands payment, typically in Bitcoin because it’s anonymous and can’t be traced, leaving you in a damned-if-you-do-damned-if-you-don’t situation.So, what do you do? Give in and pay up? Stand strong and refuse (but chance paying even more to remedy the situation)? Great questions, but unfortunately, no great answers.
But you need advice, so here it is: It depends. (Super helpful, right?)
While we, as cyber professionals, strongly suggest you do not pay the ransom, we understand how difficult it is to be held hostage. Your data is your most precious intangible commodity – even more so when you’re in a literal life-or-death industry like healthcare, a frequent target of ransomware attacks.
That’s why we’re taking a quick look at both sides: the “pay” as well as the “nay.”
First, some reasons why refusing to pay a ransom is your best choice:
- Paying does not mean you’ll get your data back. Why? “Criminals aren’t interested in customer service.” (Marius Nel, CEO of tech consultancy 360 Smart Networks) In fact, of the 7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.
- You’re less likely to be a repeat target. Criminals want what’s easy, right? Refuse to pay and they may drop you from their list of targets. But be sure to shore up your security, so your chance of being a target again decreases even more.
- You can help stop future ransomware attacks. Right now, ransomware is so lucrative that hackers have packaged turnkey ransomware kits, so even the not-so-clever hackers out there can make a buck. But, if every business says “no,” the profitable ransomware well will dry up.
And, of course, here some reasons why a company does pay the ransom (notice we didn’t say should):
- Less downtime for your business. That is, if you get a working decryption key. If you do, you can resolve the issue and get your company back online quickly. The average ransomware attack lasts 7.3 days, which is why hospitals and other health-related businesses often give in to the attackers – there are lives on the line and time is of the essence.
- It may cost less money. A ransom is typically a small percentage compared to what it costs to recover from an attack. In 2018, the City of Atlanta was hit by ransomware. The cybercriminals asked for $52,000 in Bitcoin. The city refused to submit and ended up spending $17 million in recovery costs. (Keep in mind that recovery is always more than prevention, which is why you need a solid cybersecurity plan in place, and you need to test it) In addition, insurance companies may provide coverage for payments resulting from a cyber-extortion threat, including ransomware, as well as the cost of effectuating and negotiating an extortion payment.
- Your backup system isn’t working. If your system has been backed up properly, you can avoid paying a ransom, as you will be able to restore all encrypted files. But, if your backup system has failed or has also been attacked, you may be out of luck and need to pay up. (Unless, of course, you can live without the data that’s been lost.)
Hopefully, you won’t ever have to make this decision. But ransomware isn’t going away any time soon: By the end of 2021, it’s expected that there will be a ransomware attack on a business every 11 seconds. So, let’s discuss how to protect your business and avoid these costly attacks in the first place.
As mentioned earlier, prevention is always more affordable than recovery. In addition to the basics – like having your employees use strong passwords and change them frequently, and using two-factor authentication – here are a few steps the U.S. Cybersecurity and Infrastructure Agency (CISA) recommends taking to protect your company from ransomware infection:
- Update your software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Backup data on a regular basis. Keep it on a separate device and store it offline.
- Follow safe practices when browsing the Internet.
In addition, CISA also recommends that organizations employ the following best practices:
- Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
The team at Avalon Cyber suggests you also:
- Offer security awareness training, such as phishing simulation and training, to your employees and stakeholders to help them identify malicious emails. This should be provided to your team on an annual – or even a monthly – basis.
- Consider adding Next-Generation Antivirus (NGAV) to your cybersecurity program. NGAV offers an unprecedented level of protection by using machine learning to evaluate system behaviors to anticipate and prevent both known and unknown cyberthreats, including ransomware. It can be deployed quickly and integrates seamlessly into your existing infrastructure.
Knowing what you’ll do in an emergency is a huge comfort when that emergency actually happens. So, talk to your employees and stakeholders and decide what your company would do in the face of a ransomware attack.
If you need help protecting your network or have experienced an attack and need immediate assistance, call the experts at Avalon Cyber at 1.877.216.2511.