Ransomware

Even though ransomware attacks decreased in 2018, they remain a major threat in the cybersecurity landscape. So much so, that ransomware was recently featured on 60 Minutes. The story primarily covers three major instances of ransomware, two that affected municipalities, and a third that targeted a hospital.

All three were attacked in a way that encrypted every single one of their files and also encrypted some of the files within their backups, sending the organizations back to operating on pen and paper. Two, despite FBI recommendations, ended up paying the ransom to restore their data quickly, while the third decided not to pay the ransom and went about remediation on their own.

The hospital was hit with a $55,000 bill, while one municipality (Leeds, AL) was able to negotiate payment down to $8,000. These ransom sums may not appear astronomically high, but that’s exactly how the hackers keep going. If they requested millions in ransom, no one would pay. An amount in the solid five-figures, though, feels doable for most organizations to get their precious data restored. The third entity (Atlanta, GA) suffered millions of dollars in losses and time in efforts to recover. Some of their data could never be recovered.

The story presented a very clear picture of the dangers surrounding ransomware; however, there were two major issues in the story. First, the entities covered were obviously major entities implying that you needed to be in the public eye to be affected. This is certainly not the case. In fact, nearly 50% of small business owners say their business was affected by a cybersecurity attack in the last year. Ransomware is not just for highly public entities.

Don’t Pay the Ransom

Perhaps more importantly, the story painted paying the ransom as the cheaper and often faster way to go. In very rare occasions, paying the ransom is the only option; but if you’re stuck in a ransomware trap, we do not recommend jumping straight into paying the ransom. Here’s why:

1. Sure, after you pay the sum (typically in bitcoin), the vast majority of hackers suddenly become ethical and return your files. Let’s look at the reality, though. You’re relying on someone who just took your data hostage for an exorbitant fee to return that data to working order simply because you held up your end of the unwanted bargain. Sounds a lot like using hope as a data recovery strategy to us. At any point the hacker could respond, “Thanks, but no thanks!” or “Well, we thought this would be a sufficient amount”; but we ran into snags with your recovery. We’ll actually need x number to finish the job.”
2. Prevention is a better strategy. If your back-up is set up correctly with an on-premises and multi-tenant off-site solution, you should be able to roll back to data that existed before the ransomware attack. Granted, you may lose some data in the process if the encryption gets into the backup like it did in the attacks covered in the 60 Minutes.  Losing some data is a lot better than putting yourselves up the creek financially by paying a major ransom. In addition to proper backup, ensure that you’re effectively training employees and stringently monitoring data coming in and out of your network.
3. Isolation is possible. In short, don’t store all of your valuable data in one place. If, on the off-chance, ransomware breaches your network, you don’t want to give it an open door to encrypt absolutely everything of value. Keep all critical applications on isolated networks to maintain global network safety.

Ransomware attacks may be on the decline. However, that just invites the hackers to come up with a more creative way to scam you out of time and money. Perhaps phone ransoms are coming next. Regardless of what the hackers create, make sure you’re prepared and don’t have to rely on paying a hefty ransom to keep your business in operation.