Ransomware: Don’t Wait for the Ransom Demand
It didn’t take long. We started advertising our ransomware assessment and strategy service and the phone started ringing.
But these weren’t calls from organizations looking ahead. They were people who were staring at locked systems and ominous ransom demands. Their days had been diverted from “business as usual” to crisis management.
These poor souls were learning the hard lesson that the best time to minimize the potential damage, length of recovery, and stress is before you are infected. As they were trying to get their heads around their current situation, they were coming face-to-face with some harsh realities.
Decryption has a low success rate
Can you regain access to encrypted systems and files without paying the ransom? While there are ways to decrypt ransomware, there are no guarantees other than you’ll burn time and money trying. More often than not, success is dependent on there being a known key for your particular infection. In other words, if you’ve been infected by dated ransomware or a lazy attacker, you may luck out.
Far better is to have a process that ensures you maintain clean and regular backups. When you have a current copy of critical data and systems, you can wipe the slate and recover with minimal data loss.
Also, after you’ve been hit with ransomware, it’s not as simple as regaining access to what’s been locked down. You will need to identify the root cause of the infection. If that isn’t addressed, you’re likely to be a victim again.
Should You Pay the Ransom?
With proper preparation, you should never have to even consider this question. If you’ve put strong efforts into staff training and other preventative measures, you might avoid it. But, even then, preventative measures are not enough. Someone, at some point, may click on something they shouldn’t.
The FBI and other authorities advise against paying a ransom. After all, you are not guaranteed that you’ll get a valid decryption key from these criminal types. In addition, paying can set you up as a marked target for future attacks. And, by paying the criminals, you’re funding and encouraging more of these crimes.
If you decide to pay, you should do so only when you have no other realistic choice. Ransoms are strategically priced to hurt, but not so badly as to thwart consideration. When you have no other options, that’s when you may end up making choices you’d rather not.
Instead, answer the question now. Good data segmentation practices and controlled access, which help contain an infection, together with uncompromised backups, are liberating. They can give you the leverage you need to say “no”.
Cyber Insurance is Partial Coverage
No doubt, procuring cybersecurity funds can be a challenge. When trying to prioritize spend, one might be tempted to think they can fall back on cyber insurance as an alternative to taking proactive measures. This approach leaves you vulnerable to breach and is likely to be a financial loser if a breach does occur. Plus, insurance carriers are becoming more discriminating and we’ve witnessed organizations being denied coverage due to inadequate controls. Overall, it’s not a good strategy.
Typically, the cost of remediation isn’t close to that of the damage done to the business. Downtime, especially when significant, can be crippling, and is likely not covered by insurance. Neither is any damage done to your company’s reputation by poor data security or impacted services. As pointed out by Casey Boggs, founder of reputation and crisis management firm ReputationUs, “Your company’s good reputation is a critical asset. One that can be undone far more quickly than it was built.”
Beat Ransomware Today
The good news is that there are clear actions you can take now to prevent, help contain, and recover more quickly. Train your staff. Add the right cyber security tools. Segment your data. Only give critical system and data access to those that need it. Monitor your environment. Maintain clean backups. For a more complete list or additional help, ask us.
Watch our FREE, on-demand webinar, “6 Ways to be Ready for Ransomware.” Based on our experience, learn where most organizations should focus to improve their ransomware readiness.
We often talk about security services getting engaged following a “compelling event.” Commonly, this is a compliance audit, or, less fortunately, some form of ransomware attack or breach.
When it comes to ransomware, make proactive preparation your compelling event. Position your organization to prevent, contain and recover from a ransomware event BEFORE it’s too late. Contact us if you’d like to learn where you are most vulnerable and what prioritized steps your organization should take.
JIMBO RALEIGH
Jimbo Raleigh is GMI's Director of Marketing. With nearly four years promoting cybersecurity services, he loves helping organizations improve their security postures and solve their business challenges. In his spare time, Jimbo can often be found swimming laps, doing his best at pick-up basketball, or cheering for his hometown Portland Trail Blazers.