Never Pay a Cyber Ransom

November 13th, 2019 | Cyber Threats, IT Security, Security Policies

60% of organizations have experienced a ransomware attack in the last 12 months.

A ransomware attack is the use of malicious software to restrict access to a computer system or data. If anyone tries to access the restricted system or data, they’ll find a ransom note demanding the payment of a ransom fee to restore access. Most organizations are not prepared for a ransomware attack, so they feel pressured into paying expensive ransom fees and recovery costs. Organizations that have done proper backup and recovery planning won’t feel pressured into paying ransom fees because they’ve already prepared for an attack.

Why You Should Never Pay a Ransom Fee

  1. Paying a ransom fee perpetuates the cycle of ransomware. Cybercriminals will continue to carry out ransom attacks if it’s profitable, so by paying a ransom fee, you’re contributing to the growth of the ransomware industry.
  2. There is no guarantee you will get your access or data back. Even after paying the ransom, a company is likely to receive only part of its data and then another ransom demand for the rest of it. Once you identify yourself as a company willing to pay, cybercriminals will take full advantage of that.
  3. Less than a third of companies pay the ransom to get their money back. A company may pay a ransom expecting that the cybercriminal will be caught and their money returned. Unfortunately, that rarely happens. So if you pay a ransom fee, don’t ever expect to see that money again.

How To Protect Your Organization From a Ransomware Attack

Ransomware is most commonly delivered through social engineering. It only takes one employee to click a bad link or open a malicious attachment to allow the ransomware into your network. The best defense against a ransomware attack is a proactive one. Training your employees to recognize and avoid social engineering attacks will save your organization the time, money, and energy of responding to a successful cyberattack.


No organization, no matter how prepared, is 100% immune to cyberattacks. Establishing a security-minded culture with trained staff will drastically reduce the likelihood of a successful attack, but there is still a chance an attack will slip through the cracks. That small chance of failure is why backup & recovery is essential for an effective IT security plan. Proper backup & recovery planning can give your organization confidence that it can recover its data and systems with minimal cost and downtime even if the worst-case scenario occurs.

How to Plan for Backup & Recovery

Critical Information Assets

Your organization’s information has financial value. Therefore, you need to keep an inventory of your valuable information the same way you keep an inventory of your physical assets. Start by creating a list, typically 5 – 15 items long, of your critical information assets. Examples of critical information could be your patent/copyright information, customer database, employee information, etc.

Critical Business Systems

Critical business systems are things you can’t reliably conduct business without. For example, maybe you have a warehouse with an inventory control system and an order processing and fulfillment system. Those would be your business’s critical systems. Additionally, establishing which systems are critical will help you determine how much to invest in backing up each system and its recovery priority.

Target Recovery Point Objective

An RPO (Recovery Point Objective) determines how often an asset needs to be protected. If that asset or system was damaged and you had to return to your last recovery point, how much changed information would you potentially lose? Most organizations start with an RPO of one day just for purposes of building a plan. They can tune it economically from there. Tighter RPOs cost more money. Looser RPOs are generally more economical and appropriate for archived data. Each critical information asset and critical business system needs its own RPO.

Target Recovery Time Objective

Your RTO (Recovery Time Objective) sets a target for how quickly your system needs to be back up and running. For example, critical systems might have an RTO under a business day, while less critical systems might have an RTO of a day or even a week.

Scheduled Auto-Backup Process

The right backup solutions are automated. They are monitored and regularly validated to prove that they’re ready to recover information if needed. Faster recovery capability usually means more planning, more testing, and more expense, but it’s all an economical choice. After figuring out your RPO and RTO for an asset, you can set an economically appropriate backup and recovery process.

Secured Backup Storage

Experienced cybercriminals will attack visible backup systems, even before they begin attacking data and business operations, to increase the chances an organization will be coerced into paying an expensive ransom. Therefore, you must keep your backup location separate from the asset that it is backing up. If your backup is in the same network as the asset it is protecting, then it is likely your backup will be lost or damaged if that asset is attacked.

Ready Recovery/Restoration Plan

A backup plan is only effective if you have confidence that you can recover from it when needed, much like a security incident response plan. The process of restoring your critical assets from backup should be known, validated, and tested before it’s needed. Some restorations are easier than others; restoring a file is much easier than restoring an entire email system. The restoration of each asset may face specific technical challenges to resume operations, and your IT team should know what to plan for.
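
The planning steps above can be checked mechanically once the inventory is written down. The following Python sketch is an added example, not part of the original article: it audits each asset against its RPO, its RTO, the separation of its backup storage, and whether a restore has been tested. The asset names, network segment labels, timings and finding codes are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Asset:
    name: str
    rpo: timedelta                       # oldest acceptable age of the newest good backup
    rto: timedelta                       # longest acceptable time to restore
    network: str                         # segment the asset runs in
    backup_network: str                  # segment the backup copy is stored in
    last_backup: Optional[datetime]      # last successful, validated backup
    tested_restore: Optional[timedelta]  # duration of last restore test; None = never tested

def audit(asset: Asset, now: datetime) -> List[str]:
    """Return the plan gaps for one asset as short finding codes."""
    findings = []
    if asset.last_backup is None or now - asset.last_backup > asset.rpo:
        findings.append("RPO_MISSED")           # restoring now loses more than the RPO allows
    if asset.backup_network == asset.network:
        findings.append("BACKUP_NOT_SEPARATE")  # an attack on the asset can reach its backup
    if asset.tested_restore is None:
        findings.append("RESTORE_UNTESTED")     # recovery has never been proven
    elif asset.tested_restore > asset.rto:
        findings.append("RTO_MISSED")           # the tested restore is slower than the target
    return findings

# Constructed sample inventory; names, segments and timings are illustrative only.
NOW = datetime(2019, 11, 13, 9, 0)
INVENTORY = [
    Asset("customer database", timedelta(days=1), timedelta(hours=8),
          "corp-lan", "offsite-vault", NOW - timedelta(hours=6), timedelta(hours=5)),
    Asset("order processing system", timedelta(days=1), timedelta(hours=8),
          "warehouse-lan", "warehouse-lan", NOW - timedelta(hours=30), None),
    Asset("archived records", timedelta(days=7), timedelta(days=7),
          "corp-lan", "offsite-vault", NOW - timedelta(days=3), timedelta(days=9)),
]

def audit_inventory(assets: List[Asset], now: datetime) -> dict:
    """Map each asset name to its findings; an empty list means the plan holds."""
    return {a.name: audit(a, now) for a in assets}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, NOW).items():
        print(f"{name}: {', '.join(findings) or 'OK'}")
```

Run on a schedule against real backup job records, a check like this turns the plan into something that is monitored rather than assumed.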

By following the backup & recovery steps above, your organization will be far more prepared for a ransomware attack or any other IT security scenario. If you still have questions about ransomware attacks or IT backup & recovery, view our IT support services to answer your questions or concerns.
