Let’s face it getting hit with a ransomware attack just plain sucks, your files get encrypted by cybercriminals and are held hostage. You are then left having to decide: should we pay to get them back? Sadly, this is a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone. Here’s what you should consider if you’re ever in this situation.
Do you trust them?
We have all seen the TV shows where the rich guy’s son or daughter is kidnapped and when they pay the ransom the kidnappers take the money and kill the kid. This situation is no different. The cold fact is that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key after you pay up? Most attackers demand you send the payment via untraceable Bitcoin, so you can do nothing if they take the money and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want the embarrassment of a breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.
Can you manage the impact?
In the best-case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like “KillDisk” which can permanently wipe your entire hard drive or even your entire network.
How much do they want?
Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.
Are your backups good?
Many businesses are discovering too late that their backup systems aren’t good enough to withstand this kind of attack. Often the backups themselves become infected too, they weren’t up-to-date or they backed up the wrong data. OUCH. It’s worth doing some quick checks on your backup processes because even if you must shut down the system for a day so you can recover, you’re still light years ahead of those without them.
What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop this chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.
Stay safe in the first place
Ransomware is just plain evil and it is showing no signs of slowing down. There is just too much easy money for the crooks. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters, such as our excellent “N-Line Spam Control” Product, to catch these types of emails before they land in your employee inboxes. You want that ransomware attack be something that happens to other businesses, not yours.
N-Line Technologies can help you secure your data systems now!
Call us at 432-279-0671
We proudly service Midland and Odessa Texas and the Permian Basin area.
Contact us today!