It didn’t take long. We started advertising our ransomware protective services. The phone started ringing.
But these weren’t calls from companies looking ahead. They were people who were staring at locked systems and ominous ransom demands. Their days had been diverted from “business as usual” to crisis management.
These individuals were learning the hard lesson that the best time to minimize the length of recovery, potential damage and stress is before you’re infected. As they were trying to get their heads around their current situation, they were settling into some harsh realities.
Decryption Has a Low Success Rate
While there are ways to decrypt ransomware, there are no guarantees other than you’ll burn time and money trying. More often than not, success is dependent on there being a known key for your particular infection. In other words, if you’ve been infected by dated ransomware or a lazy attacker, you may luck out.
Far better is to have process that ensures you maintain clean and regular backups. When you have a current copy of critical data and systems, you can wipe the slate and recover with minimal data loss.
Should You Pay the Ransom?
With proper preparation, you should never have to even consider this question. If you’ve put strong efforts into staff training and other preventative measures, you might avoid it. But, even then, preventative measures are not enough. Someone, at some point, may click on something they shouldn’t.
The FBI and other authorities advise against paying a ransom. After all, you are not guaranteed that you’ll get a valid decryption key from these criminal types. In addition, paying can set you up as a marked target for future attacks. And, by paying the criminals, you’re funding and encouraging more of these crimes.
If you decide to pay, you should do so only when you have no other realistic choice. Ransoms are strategically priced to hurt, but not so badly as to thwart consideration. When you have no other options, that’s when you may end up making choices you’d rather not.
Instead, answer the question now. Good data segmentation practices and controlled access that help contain an infection, and uncompromised backups are liberating. They can give you the leverage you need to say “no.”
Cyber Insurance is Partial Coverage
No doubt, procuring cybersecurity funds can be a challenge. When trying to prioritize spend, one might be tempted to think they can fall back on cyber insurance as an alternative to taking proactive measures. This approach leaves you vulnerable to breach and is likely to be a financial loser if a breach does occur. Overall, it’s not a good strategy.
Typically, the cost of remediation isn’t close to that of the damage done to the business. Downtime, especially when significant, can be crippling — and likely not covered by insurance. Neither is any damage done to your company’s reputation for poor data security or impacted services. As pointed out by Casey Boggs, founder of reputation and crisis management firm ReputationUs, “Your company’s good reputation is a critical asset. One that can be undone far more quickly than it was built.”
Beat Ransomware Today
The good news is that there are clear actions you can take now to prevent, help contain, and recover more quickly. Train your staff. Add the right cyber security tools. Segment your data. Only give critical system and data access to those that need it. Monitor your environment. Maintain clean backups. For a more complete list or additional help, ask us.
We often talk about security services getting engaged following a “compelling event.” Commonly, this is a compliance audit, or, less fortunately, some form of breach.
When it comes to ransomware, make proactive preparation your compelling event. Position your organization to prevent, contain and recover from a ransomware event BEFORE it’s too late.