Ransomware. It is the digital scourge of our time. Ransomware attacks are increasing at an alarming rate and are affecting more people and especially businesses than ever before. Some security experts suggest it's not a matter of if a business will get hit by a ransomware attack but when. Here’s what you should consider if you’re ever in this situation.
Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via a digital currency such as Bitcoin which is untraceable meaning you have no recourse if they decide to take your money and run. You also face the possibility that they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts.
Can you manage the impact?
Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network as well as others which actively look for and encrypt or delete backups.
How much do they want?
Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large entities like corporations, hospitals and governments are often hit with very high demands. Meanwhile small business demands are usually more modest (but still expensive!). They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, and use that as a gauge as to what they'll demand and how quickly they will expect you to pay up.
Are your backups good?
Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them. Regular backup checks are becoming increasingly mandatory as the days of just assuming your backups are good and working are quickly disappearing.
What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business. If you don't have a policy in place, now may be a good time to start thinking about creating one as having a battle plan will help you work through an attack much more quickly and efficiently while minimizing downtime.
Stay safe in the first place
Ransomware is showing no signs of slowing down. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails - those emails that trick employees into clicking a link - and they can be extremely convincing. Training employees can help stem the tide, but it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours. If you'd like to learn more, we'd be happy to help.