On the surface, falling prey to a ransomware attack is the absolute worst-case scenario, only it doesn’t end there. What comes next for most victims is a monumental decision that must be made under immense pressure, with little time to waste. To pay or not to pay. That is the question.
If you ask the FBI, the answer is a definite “no”. The belief here is that paying the ransom not only rewards cyber criminals for their sinister deeds, but fuels the ransomware fire by directly funding their operations and emboldening the attackers. IT security experts suggest contacting authorities, who they say can help remediate the issue and gather valuable intel that may lead to the arrest of the actors, ideally preventing further attacks down the line.
While ransom payment detractors speak with a degree of validity, their recommendation to hold out could be a classic case of easier said than done. Take the Colonial Pipeline ransomware incident, for example. Within hours of discovering the infection, the company paid a hefty ransom of $4.4 million, citing the mission-critical nature of its operations as the reason. Colonial Pipeline transports refined oil from its Texas base through the coastal United States, accounting for nearly 50 percent of all fuel consumption on the East Coast.
Racing Against Time
A successful ransomware attack renders its victims powerless. Systems are inoperable. Critical operations are suspended. Unable to perform vital job functions, projects cannot be completed, customer orders cannot be fulfilled, and contractual obligations cannot be honored. The affected organization stands to lose more money for every second of downtime that passes. And to compound matters, the attacker’s established deadline inches closer. So where do you go from here? Let’s examine our scenario from both sides of the argument.
To Pay
The process of paying a ransom must be executed carefully to minimize further damage. Key decision makers should review the payment method to ensure that funds can be transferred through the chosen processor. Meanwhile, public relations are on standby to manage brand messaging in the wake of the fallout. In the interim, IT security personnel are at work in the background, trying to gauge the severity of the infection and limit the spread. Once the payment has been completed, you’ll contact the hacker’s representative to confirm the transfer and receive the decryption key to recover your data.
Unfortunately, there are no guarantees where ransomware is concerned. Cyber criminals have become notorious for sending decryption keys that are either incredibly slow, or simply don’t work at all. For this reason, fully restoring your network could take several weeks as data may need to be recovered from backups instead. Adding to the length of recovery is an exhaustive investigation process to ensure that all remnants of ransomware have been completely eradicated.
Not to Pay
Deciding not to pay the ransom likewise requires careful planning and consideration. In this instance, your first step is determining the magnitude of the infection. You need a clear understanding of which systems may have been compromised and what data is affected. Once the threat has been identified, you can work on remediation by cleaning infected systems, restoring backups, and taking the steps necessary to resume business operations. In the best-case scenario, you incur a period of downtime, yet avoid the financial repercussions that come with giving in to ransom demands.
Preparation Breeds Prevention
The question of whether to cooperate with ransomware actors is a hotly debated topic. Some have even suggested that victims face criminal prosecution for funding the hacker’s efforts. Between trusting unscrupulous criminals and appeasing authorities who may not respond within your desired timeframe, ransomware comes off as the ultimate no-win situation. One alternative all parties can agree on is the importance of recognizing that prevention and sound mitigation amount to the best form of protection.
Even if you can’t entirely stop a ransomware attack in its tracks, you can bolster your recovery efforts by preparing for the worst. Perform backups on a regular basis and test them to ensure that data can be restored during crunch time. Instead of drawing up a press release amid all the chaos and panic, draft a pre-written statement that can be quickly tailored to address the incident. Executing a comprehensive simulation strategy that walks through every critical step will foster an environment that is better equipped to respond in the face of adversity.
DataLocker’s encryption products can help prevent various USB-based threats from ever entering your network, thereby enhancing ransomware protection for sensitive data in finance, healthcare, and government workplaces. Contact a member of our team to arrange a free demo.