No one likes to admit when they are attacked, or the emotions they would be going through. I ask, though: could you survive with a loss of the data? Or should you pay when attacked by Ransomware?
Being a victim of Ransomware isn’t something any of us want to face. Your files get encrypted and you are suddenly faced with a dilemma: should we pay or not? Studies have shown 70% of businesses are paying to get their data back, but not all cyber criminals return the encryption keys. Before you make a decision, consider these key facts.
Can You Trust Them?
You are dealing with cyber criminals, after all. They used an infection to encrypt your data, and now you are relying on them to send you the decryption key following payment? In all the cases I am aware of, the criminals demand payment via the untraceable currency called Bitcoin. If you decide to pay up and they run, you will have no recourse and no authorities that can recover your money; essentially, you will be throwing the money away.
As they are criminals, they could suddenly turn around, say that their demand was too low and ask for more money; we would then have the same dilemma. Next, you have to consider that even if they do send the decryption key, they will still have access to your data and you will still be infected unless you hire a professional to remove the infection. Sometimes the situation can be so bad that it will result in data loss as the only way to guarantee the infection is removed.
We actually don’t know the true percentage of businesses hit by Ransomware, or how many times they paid and got the data back, as many businesses would not report it due to the ramifications they could face from publicising it. Now, in the UK, with GDPR, businesses would have no choice but to report it or face hefty fines. Not only that, they would have to tell every person they held personal data for, and this could ruin a business.
How Much Are They Asking For?
From our research we learnt that cybercriminals actually do their own homework on your business too. The reason for this is so that they don’t set a ransom so high that there would be no possibility of you paying it. They may consider it a personal service, but this just proves how much data they must have access to about your company, or that level of customisation wouldn’t be possible. Hospitals and the NHS were hit by Ransomware, so it is not just small businesses. As businesses pay, they will match payments to equal-sized businesses and use this to judge how long to allow for payment with other companies.
Can You Afford The Loss?
There are two ways to look at this question. One is whether you can afford the financial loss from paying a Ransom and, depending on the circumstances, the financial loss resulting from regulations such as GDPR. The other is whether you can cope with the data loss from not paying.
You may be in a position where you can just wipe the machine, re-install and be on your merry way. If this is the case, then the obvious course of action is the right one to take. However, many of us are not in this situation, and in fact, even if you think you are in this scenario, you could be wrong.
Regulations play a heavy role here. Consider that you get infected and your computer(s) were housing customer data or medical data. That would mean it isn’t just a personal decision, and you have to establish the legal ramifications and the next steps you need to take.
Be careful if you do decide to let the threat take control, as there are new variants, such as disk killer, that can cause catastrophic issues to your computer or networked computers.
Do You Trust Your Backups?
We have come across situations all too often where businesses discover their backups are not robust enough. Without proper testing it could be too late to do anything about backups; either they are infected too, or damaged and unrecoverable. We have seen cases where companies that were infected by Ransomware decided to recover from a backup taken a month prior to any sign of infection, and they got re-infected. What really happens is that the Ransomware is often placed in the machine months, or longer, beforehand in a dormant state, and recovering from a backup could get you into a Groundhog Day situation: a great film, but not so great for businesses.
Please note that Dropbox is not a true backup solution. We have dealt with businesses using Dropbox as a primary backup source; it can be very helpful for sharing files with colleagues, but it lacks sufficient privacy, and if your Dropbox files get infected then so do your backups.
Even if your backups are good, what is your recovery process? If you have to take down the business for hours or days to restore, this could cause disaster-level effects. Checking backups should be an essential part of your running operations, and if recovery isn’t feasible in a timely fashion then you need to replace what you have.
How Is Your Policy?
When we speak with businesses, more and more of them are adding Ransomware into their disaster recovery plans, and their roadmaps are laid out. With that in mind, the decision about whether to pay a ransom is often predetermined by their plans. With a plan in place you can make the best decision for your business.
Stay Safe, Avoid Infection
Ransomware is as big a beast as it always has been. Reports have been reduced, but as data is so critical to a business’s existence, the importance of staying safe is above all others. Cyber criminals are making it their full-time job. Methods of infection are often all too simple, such as phishing e-mails and unsuspecting employees clicking on links or opening attachments, and it is easy to become convinced a message is legitimate.
You can train your staff, but there is only so much training can do. Picture a business deal going on, with discussions happening through e-mail, and suddenly you receive a reply with a link to a document, or a document itself, that looks legitimate but is secretly a file with a hidden executable. This isn’t just a possibility; this is a fact of what unfortunately is happening in the world.
The use of SPAM filters and Managed Antivirus is recommended. You also need to make sure your backups are secure, efficient and able to be quickly restored with minimal downtime.
“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” - James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology