Paying Ransoms – it is a Business Decision

So you get hit by a ransomware attack – what do you do?

Is your first thought TO pay it? Or is that first thought NOT to pay it?

Paul Furtado of Gartner, speaking in Sydney, said:

“I have yet to see an organization going through that that says ‘No, I’m not going to pay’,” … “The reality is they’re [the executive board] going to do what they need to do and give you that blank check to get the business back to a functional level.”

https://www.databreachtoday.com/paying-ransomware-actors-its-business-decision-a-19425

Ultimately, the board is going to need to figure out what it must do to get things working again and minimize the damage to the company.

The crime itself is very effective and very low risk. Interpol, for example, arrested 2,000 people last week, but believe it or not, that is a drop in the bucket: most of those arrested are very low-level participants who are easy to replace.

Furtado says that many companies do pay the ransom, maybe a third, and even the FBI now says it is a business decision. Most that pay do get a decryption key, but that doesn't mean the key works perfectly or that they get all of their data back. Remember, ransomware authors are not master programmers; all software has bugs, and theirs is not exempt. Also, the decryption process is often far slower than the encryption process.

One interesting note Paul makes – he says that if you pay, there is an 80% chance you will get hit again. That is not terribly comforting.

You have to consider how long you will be down if you don’t pay – and how long you will be down if you do pay.

You also have to consider whether they have stolen data and will publish or sell it if you don’t pay. Maybe the data that they took is very sensitive. Maybe not.

There are two things to consider here. (1) Are you adequately prepared for a cyber event? This includes not only backups, but also business continuity, public relations, legal, incident response, and so on. That is the PROACTIVE part. (2) Can you handle the incident by yourself if the worst case does happen? That is the REACTIVE part. We can help you with both; give us a call if you want to discuss.

Credit: Data Breach Today
