I know that even the thought of a ransom attack on your business leaves a deep, burning, ulcer-like feeling in the pit of your stomach. We’ve been seeing so many ransom attacks hit businesses, governments, hospitals, you name it, that we’re all tired of the recurring headlines about who was last hit by malicious software encrypting ALL of their critical business files.
But one question that likely won’t surface until you’re actually hit by ransomware is “should I just pay the ransom and be done with this?”
This is a huge question in and of itself. On the one hand, if the criminals keep to their word (usually they do about 75% of the time), you and your team could be back working relatively quickly (typically it takes about a week or so—depending on the size of your network—for a hacker to decrypt all of your files).
But on the other hand, you’re shelling out good money to criminals who have already caused serious strain on your business. And even worse, by paying the ransom, are you encouraging more cyberattacks (even more cyberattacks directed at your organization)?
Today I want to walk through the consequences of paying the ransom and provide you with a few tips to make sure you won’t need to pay a ransom in the event your network is attacked by a ransomware virus.
A ransomware attack can happen from so many angles.
Maybe someone on your IT Support team forgot to patch a server? Maybe you’re running a legacy operating system or software that is no longer supported, and a hacker used it to find his way onto your network? Maybe a user clicked on a link in an email (note: often, users are allowed to check personal email on networks—this is not secure and may bring in a bunch of malicious viruses)?
However the virus got on your network, all of your files are encrypted.
ALL of your critical and sensitive files, ALL of the files you need to operate day to day, are encrypted and inaccessible. Your first instinct when scanning your desktop and finding a ransom note is to immediately follow the instructions to pay the $50K in bitcoin.
What could be the harm in paying the ransom?
You become a bigger sitting duck the next time—note that cybercriminals keep track of businesses that actually pay ransom. What they see is people who will likely pay again and again if put in a similar situation. When you get hacked once (and especially if you pay), be sure that someone is taking note. Even if you’re able to recover your data, you may have just put your business more at risk for future attacks.
Your sensitive data may have been compromised—if your business works with sensitive data (say employee W2s, SSNs, client data, passwords, health records, or insurance information, just to name a few), then by having the cybercriminal run their decryption key across your network, you may have just handed them a whole lot more free data. You see, while files are encrypted on your network, the cybercriminals are not able to actually see the contents of the files. But once you allow them to use their key to decrypt your files, they are able to see all of this previously encrypted data (and may be copying it to an undisclosed location for future exploitation). Are you willing to take the risk?
Your data may stay encrypted—like I alluded to above, cybercriminals don’t always follow through on their word. Even when you shell out big bucks for your data back, you may end up with inaction. That means you’re further in the hole for the ransom amount and still have to figure out next steps.
Decryption won’t get you online immediately—also note that decryption of a network often takes at least a week (depending on the size of your network, it could take a few weeks). Since decryption requires a lot of memory, it isn’t just an instant unlock. Each file needs to be decrypted one at a time. Even though you’ve paid the ransom and the hacker has come through on his promise, you are still facing a lot of downtime to come!
The FBI warns not to pay ransoms for ransomware infections—the FBI and other governmental organizations warn that paying the ransom could just make situations worse. It might be best to heed government warnings and avoid making ransom payments.
So what can you do to avoid being tempted to make those ransom payments?
Back up your data OFFSITE!—this is huge! Most businesses think their data is backed up, but many either have failed backups or have backups that are unknowingly being stored directly on their network. In the event of a ransom attack, those backups would be completely useless—encrypted like every other file on your network. You need to make sure your backups are being stored offsite (in a location that cannot be accessed directly from your network!).
Test your backups!—most IT Support companies never do this simple step! Instead of testing backups, they check their dashboards that tell them that backups were successfully completed. Without manually verifying the continuity of your backups, you’ll never know whether they actually exist! We’ve had many potential clients come to us in emergency situations because their IT Support never tested a backup, which left them with none of their data after a ransom attack! Bottom line: make sure your IT Support is capable of testing backups (if they’re not, consider moving on!).
Have a disaster recovery plan that is tested too!—another big issue with most IT Support is that they don’t have a clue how to recover your business data in the event of a disaster (like a ransomware attack). They’ve never practiced going through disaster recovery with your business. And they will be left completely underprepared when it comes to mitigating a ransomware attack. Without a tested disaster recovery plan (which includes at least an annual conversation with you and critical roles on your team), you will never know whether you’ll be able to survive a ransomware attack or a spring tornado!
Concerned about your security against cyberattacks? Contact us today for a FREE ransomware assessment!