Blog

Ransomware: To Pay Or Not To Pay?

October 1, 2020
Steve Fox

By the end of last year, the Federal Bureau of Investigation (FBI) received 2,047 ransomware attack complaints, accounting for approximately $8.9 million in losses. In fact, researchers are predicting that email-based ransomware attacks will continue to rise, especially as more people work from home amid the COVID-19 pandemic. Despite the rise in incidents, the average ransom amount has actually dropped: In some cases, as low as $100 in Bitcoin. The big question facing businesses today, however, isn’t the average ransom amount demanded from cybercriminals. It’s how the business should prepare for a ransomware threat and whether it should pay (or not pay).

WHAT YOU SHOULD KNOW ABOUT RANSOMWARE IN 2020

You’ve probably heard it before: Ransomware and other malware can gain access to your entire company’s data and systems through seemingly innocuous digital activities (e.g., opening an infected email attachment, visiting a corrupted website, clicking on a malicious digital advertisement). Once infected, the ransomware can encrypt your data or otherwise block your ability to access information or systems. It happens all the time and it can render a business incapacitated.

In many instances a person may unknowingly infect not only his or her computer, but the company’s network and data infrastructure as well. That is, until you lose access to your data or receive a ransom demand! As with most IT security initiatives, it’s important to have a plan in place for how you will address ransomware attacks.

RANSOMWARE ACTION PLAN

Your ransomware action plan should include input and buy-in from key stakeholders throughout your organization. Protecting your business from ransomware is an organization-wide initiative, so it’s important to include representatives across the organization as well.

Here are three items to include in your action plan:

  1. Response team: When a threat is identified or a ransom received, who will be involved in the response? What are the roles and responsibilities of those on the response team? Clearly documenting the team members and their respective roles within the response will help each person hold themselves and team members accountable should a threat surface.
  2. Payment decision: As an organization, you must decide whether paying a ransom will even be an option. Will this be determined on a case-by-case basis or will you establish a ransomware payment policy? If you decide that payment is an option, you’ll want to consider how you will obtain and deliver those funds. For example, ransom is often requested in Bitcoin, so be sure you have a documented plan for issuing crypto-currency payment.
  3. It should also be noted that there is an inherent risk associated with ransom payment. There is no guarantee that payment will result in your company regaining access to your data. In fact, according to the FBI, “due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.”
  4. So even if your company chooses the payment option, there’s still a possibility that your data will remain corrupted and inaccessible. Paying could result in even higher monetary losses, business interruptions, and damage to your company’s reputation (internally and externally).
  5. Data recovery: Evaluate your company’s current process and policy for data backups. How often will your business backup data? Daily? Weekly? How long will those backups be stored? If your data is compromised due to cybercriminal activity, what will your process be for recovery? Who will be involved?

Outlining the details and responsible parties will help your team create a solid action plan that can be executed immediately should a threat occur.

Proactive, organization-wide security measures

Preventing an attack should be priority number one. Through effective security measures and staff training, your organization can minimize the risk to your organization.

  • Ensure operating systems, software, and applications are updated and/or patched regularly to address any security vulnerabilities.
  • Back up company data regularly and store those backups in a secure location. Do not leave your backups vulnerable to additional attacks.
  • Establish a business continuity plan.
  • Train staff members on cybersecurity threats, including malware. Provide examples and educate your team on the risks and consequences of engaging with websites or emails from untrusted sources.
  • Establish an escalation plan for suspicious emails or digital activity. Encourage the entire organization to be on the lookout for potential vulnerabilities.

Cybercriminals and cybercrime are not going away. As businesses continue to evolve and adopt new technologies, cybercriminals will do the same and will attempt new, sophisticated methods of attacking your systems. Although you can’t prevent cybercriminals from trying, you can prepare your team and your business to defend against them – or in the worst-case scenario, quickly and effectively address an attack to minimize disruption and losses.

«  Back To All Articles
Next Article
  »
Misconfigurations for Office 365
5 Most Common Attacks That Dodge Your Firewall.
4 Pentest Paradoxes You Must Get Right
Do a Risk Assessment before buying MDR
6 Rules of Engagement for any Penetration Test
Cyber Alliance Program
Your Perimeter is Disappearing
Cybersecurity Acronyms for Retirement Administrators
XDR, MDR, SOAR - Acronyms of Cybersecurity Detection & Response
Test Blog Post 3
Test Blog Post 2
White Paper - XDR for Retirement Systems
The Total Cost of Ransomware - 7 Categories
The Power of Data Continues to Grow
Who Shares Responsibility for Data Security in a Health Crisis?
Identifying Cloud Security Gaps in a Remote Workforce
Mid-year Threatscape Assessment and Review of Significant Cyber Incidents
Front Line Report: 2020 Election Cybersecurity Threats
The Rising Stakes of Compliance: GDPR, CCPA, and Others
Increasing Healthcare Cybersecurity With a Proactive Defense Strategy
5 Ways to Lower Risk and Maintain Privacy in Your Organization
9 Tips for Detecting and Preventing DDoS Attacks
5 Ways to Secure Your Access Control Vulnerabilities
6 Strategies to Prevent SQL Injection Attacks
7 Commonly Neglected Security Tasks: DMARC, DNS Calls, And More
The Impact Of A Cyber Attack On A Nation
History Matters: Cyber Attacks From The 1980S
What Healthcare Organizations Need To Know About Samsam Attacks
Reflecting On 2019: Blockchain, AI, Machine Learning, Cryptojacking, And More
California Consumer Privacy Act (CCPA): What You Need To Know
Why Covid-19 Phishing Criminals Love Machine Learning (Ml)
Malicious Bot Activity Continues To Rise As Employees Work From Home
How Crypto-Agile Is Your Organization?
How Businesses Can Prepare For The Coming Iot Surge
Where To Find Cybersecurity Help: Addressing The Security Expert Shortage
Ransomware: To Pay Or Not To Pay?
How Expensive Is A Data Breach?
Looking Ahead: The Cybersecurity Landscape In 2021
Attack On Solarwinds Infiltrated U.S. Government Networks: What It Means For You
5 Best Practices To Secure Your Remote Workforce
Top 5 Most Dangerous Ransomware Attacks — And How To Protect Your Business
Reduce Data Breach Costs With Artificial Intelligence
5 IoT Trends To Continue Watching In 2021
AI Poisoning: What You Need To Know To Protect Your Business
Zero Day Exploits: Advanced Cyberattacks
Why Users Should Never Auto-Fill Forms: Browser Exploit Overview
Don't Be Fooled By Padlocks And SSL Certificates
5 Ways To Shield Executives From Whaling Attacks
How Artificial Intelligence (AI) Is Helping Cyber-Criminals
Why Breaches Are Becoming More Difficult To Defeat
History Matters: Cyber Attacks From The 1960S
History Matters: Cyber Attacks From The 1970S
History Matters: Cyber Attacks From The 1990s
History Matters: Cyber Attacks From The 2000S
The Rise Of Mobile Malware
Growing Concerns Over Voice Phishing Scams
Stopping The Spread Of 5G Security Vulnerabilities
Why Small Business Is A Big Cyber Crime Target
Feeling The Heat: Geopolitical Cybersecurity Threats
The Role Of Artificial Intelligence In Effective Cyber Attacks
Absolute Zero: Zero Trust And Zero Standing Privileges
Data Security Challenges in the New Era of Remote Work
Why Penetration Testing Has Never Been More Important
5 Ways to Protect Your Business From Phishing Attacks in 2021

join our email list

Security Pursuit logo
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
Professional ServicesProduct Solutionsaboutpartnersblogcontact
denver office
2000 Araphahoe Street, Suite 1
Denver, CO 80205
720-675-7668
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
san francisco office
2315 Montgomery Street, 10th Floor
San Francisco, CA 94104
415-735-4225
© 2021
Designed by H1 Web Development