Ransomware is an insidious way of attacking a network or device. Bad actors are expanding their business models to include cryptocurrency demands, personal profiling of targets and highly customised ransom demands. Ransomware breaches grew in number by 41% last year, and the sheer volume of attacks poses a significant threat to organisations worldwide.

Ransomware is a type of cyber attack in which malware encrypts an organisation's data, rendering it inaccessible. A demand for a ransom payment in exchange for the decryption key or restoration of the data usually follows. The decision on whether to comply with a ransom demand should not be taken lightly: it is a complex issue that requires careful consideration.

To Pay or Not to Pay

When an organisation's network or data is compromised and locked down, the first thing that crosses the mind of the CISO or leadership team is to recover it immediately. If no usable backup is available, it can be tempting to pay the ransom just to get back to work.

If you choose this option, keep in mind that paying the ransom does not guarantee that the attackers will actually deliver a working decryption key. Paying may also encourage future attacks, as attackers may see an organisation that has paid once as an easy target.

More insidiously, paying a ransom creates a net deficit in cyber security posture across the board, as the funds go towards the next round of attacks. Companies that decide to pay generally do so quickly, and are usually organisations without a robust business continuity capability. The attackers likely suspect this, having profiled the target using OSINT (Open-Source Intelligence) techniques or other research and intelligence gathering.

Ransomware attackers can be considered organised crime, so any profit they make from collecting a ransom drives up the collective cost for those who will fall victim in the future: the income increases the financial viability of the 'business' and the capacity at which it can operate.

Learn more with Bytes with Bec and Benji

To hear more about ransomware and how it can affect your organisation, listen to the Phriendly Phishing podcast "Bytes with Bec and Benji" and their episode featuring Alastair MacGibbon.


Getting back to business

The best way to move on from an attack is just that: get back to business as soon as possible, execute your disaster recovery and business continuity plans, and do not negotiate with the criminals. An organisation that instead spends real money on raising its cyber security maturity and training its staff is likely to reduce its risk in future.

Organisations should keep in mind that there are alternatives to paying the ransom: a tested disaster recovery plan and business continuity plan, a clean restore from backups that were kept offline or immutable so the attackers could not encrypt or delete them, working with law enforcement agencies to track down the attackers, and investing in cyber security measures to prevent future attacks. Verify that the backup set is intact before restoring from it, since ransomware routinely targets backups as well as live data.
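A "clean restore" only works if the backup itself was not reached by the ransomware. The following script is an added example written for this article (it is not Phriendly Phishing's code or any product's). It assumes a manifest of SHA-256 hashes was recorded at backup time, and it uses two signals a practitioner would check before restoring: a hash mismatch combined with near-random (high-entropy) content, which is what an encrypted file looks like, and files that appear in the backup but not in the manifest, such as a dropped ransom note. The directory layout, file names and contents are constructed for the demonstration.

```python
"""Verify a backup set against a hash manifest before restoring it.

Added example (not from the original article). Assumes a manifest written at
backup time that maps each relative path to its SHA-256 hex digest. Paths,
file names and sample contents below are constructed for the demo.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte: plain text sits around 4-5, encrypted data close to 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def write_manifest(backup_dir):
    """Build the relative-path -> SHA-256 manifest; run this at backup time."""
    manifest = {}
    for root, _, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, backup_dir)] = sha256_file(full)
    return manifest


def verify_backup(backup_dir, manifest, entropy_threshold=7.5):
    """Compare the backup on disk with the manifest.

    Returns lists under ok, modified, likely_encrypted, missing and unexpected.
    A changed file whose first 1 MiB is high-entropy is reported as
    likely_encrypted rather than merely modified, the signature ransomware leaves.
    """
    report = {"ok": [], "modified": [], "likely_encrypted": [],
              "missing": [], "unexpected": []}
    present = set()
    for root, _, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir)
            present.add(rel)
            if rel not in manifest:
                report["unexpected"].append(rel)  # e.g. a dropped ransom note
                continue
            if sha256_file(full) == manifest[rel]:
                report["ok"].append(rel)
                continue
            with open(full, "rb") as f:
                sample = f.read(1 << 20)
            bucket = "likely_encrypted" if shannon_entropy(sample) >= entropy_threshold else "modified"
            report[bucket].append(rel)
    report["missing"] = sorted(set(manifest) - present)
    for key in report:
        report[key].sort()
    return report


def safe_to_restore(report):
    """Restore only when every manifest entry is intact and nothing was added."""
    return not (report["modified"] or report["likely_encrypted"]
                or report["missing"] or report["unexpected"])


def demo():
    """Constructed scenario: verify a good backup, then the same backup after tampering."""
    with tempfile.TemporaryDirectory() as backup:
        os.makedirs(os.path.join(backup, "finance"))
        with open(os.path.join(backup, "finance", "ledger.csv"), "w") as f:
            f.write("date,amount\n2024-01-01,100\n" * 200)
        with open(os.path.join(backup, "readme.txt"), "w") as f:
            f.write("Quarterly export\n")
        manifest = write_manifest(backup)
        clean = verify_backup(backup, manifest)

        # Simulate ransomware reaching the backup: overwrite one file with
        # random bytes (stand-in for ciphertext) and drop a ransom note.
        with open(os.path.join(backup, "finance", "ledger.csv"), "wb") as f:
            f.write(os.urandom(4096))
        with open(os.path.join(backup, "README_TO_DECRYPT.txt"), "w") as f:
            f.write("your files are encrypted\n")
        tampered = verify_backup(backup, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean_report, tampered_report = demo()
    print("clean backup safe to restore:", safe_to_restore(clean_report))
    print("tampered backup:", tampered_report)
```

The entropy heuristic is a triage aid, not proof: compressed archives, images and already-encrypted files are legitimately high-entropy, so treat it as a flag that calls for a closer look, and keep the manifest somewhere the backup host cannot overwrite it, or the attackers will simply regenerate it.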

One thing that is less likely to be on your business recovery plan is how to recover from emotional stress. Facing the loss of a business, job or livelihood can affect even the most stoic business owner. If your organisation is hit by a ransomware event, keep in mind the impact on the people you employ as well as on your leadership team, who may all be going through uncertain times.

Reporting cyber attacks

Reporting the breach to the relevant authorities and law enforcement in your country is imperative, as is being transparent with your employees and customers and managing your reputation while the situation is understood and resolved.

Training all your employees to adopt a culture of security awareness from the outset is one of the most valuable investments you can make, as 95% of breaches start with human error. Investing further in cyber security managed services and regularly backing up data, and testing that those backups actually restore, can help organisations prevent future attacks and reduce the impact of a ransomware attack when one does occur.

Ultimately, the best way to deal with ransomware attacks is to prepare and prevent them from happening in the first place.

For an in-depth look at how our security awareness training can support your organisation, and to try our ransomware simulator, contact us now.