To Pay or Not to Pay: That’s the Ransomware Question
One of the most important decisions businesses need to make when they’re hit by ransomware is whether to pay the ransom. Though most of the advice given is that businesses should not pay the ransom, studies show that 40% of victims pay the ransom, and it’s safe to assume the real number is higher.
Recovering from ransomware can be time-consuming and depends on having reliable backups. These factors drive businesses to pay their extorters, as they feel they can’t afford the downtime or don’t trust their backups. For some healthcare businesses, the downtime is a matter of literal life and death.
In addition, the cost of recovering from ransomware by restoring from backups may appear to be greater than simply paying the ransom. This is particularly true for business that have cyber insurance, which may cover the cost.
Despite this, there remain good reasons not to pay after a ransomware attack. Studies have shown that as few as 19% of businesses that pay the ransom actually get their files back. In addition, ransomware payments to certain criminal organizations violate federal law. Lastly, businesses that pay a ransom once make themselves targets for additional attacks; bad actors have access to lists of businesses that have paid ransoms and may target them specifically.
As a result, the best recommendation continues to be to protect the business against a ransomware attack in the first place and to have a reliable, tested process for recovering from backups. Achieving this requires:
Antivirus, firewalls, and other cybersecurity tools are critical to keeping out ransomware and other damaging malware.
Employees need ongoing training in safe computing practices to keep them from clicking on dangerous attachments and links, as well as falling for other phishing scams.
Reliable, protected backups.
Recovering from ransomware requires the ability to restore from backups, so it’s essential that businesses have a reliable backup process which is monitored to ensure success. There must also be a means of verifying that all systems are included within the backup process. In addition, backups must be protected from tampering, through encryption and use of immutable storage devices or devices that are disconnected from the network and other systems when not in use, as well as an off-site location for secure storage of backup copies. Encryption keys must be protected from tampering, as well.
Reliable, tested recovery processes.
Even good backups aren’t enough to ensure ransomware recovery; businesses need to know how to find the necessary backup, extract the appropriate files, and restore systems to consistent status. This requires the recovery process to be both documented and tested.
Make sure you’re protected from ransomware and know how you’ll respond in case of an incident. Cybersecurity services from Prescient Solutions help protect you from all types of malware. Contact us to learn more about the best ways to defend against ransomware.