Should I pay a ransomware cyber-attack?

Ransomware is a particularly malicious attack where a piece of pernicious software has found a way to be run on one of your organisation’s devices.

The “bad app” will actively seek out commonly used files – such as Office documents, images etc. – and encrypt them. The unfortunate recipient will see a notice warning them that they have been attacked and demanding a ransom; not with a link to pay via PayPal or a credit card (!) but in cryptocurrency such as Bitcoin. (Think WannaCry in 2017 or, more recently, Travelex earlier this year.)

Hopefully, your organisation has not been hit with a ransomware attack. The impact on your business can be devastating: without access to these files, your organisation may not be able to function. There may be consequential issues such as the loss of Personally Identifiable Information (PII), in which case you may need to inform the Information Commissioner’s Office, and your clients.

So – to pay or not to pay? This is a very moot point as this article makes clear.

There is simply no guarantee that, if you do pay the ransom, you will actually get your files back. None! If the decryption key that you receive does not work, what are you going to do? Leave a bad customer review on Trustpilot? Furthermore, the article cites examples where, after a ransom was paid and the victim successfully recovered their data, another attack occurred a few months later and another ransom was demanded!

Whilst none of these possibilities are remotely pleasant and there is no such thing as 100% protection, there are very specific methods of significantly minimising this risk; a risk that could spell the end of your company.

1. Good cyber security practices:

Malware that has a ransomware “payload” is rife on the internet, but it still needs a route into your business’s network.

With a decent anti-virus application, continuous operating system security updates and active firewalling, your devices will be protected against the most obvious and common program-based vectors of attack.

Regular and continuous security awareness training will educate your team to look out for and spot dodgy links and suspicious emails (remember that your cybersecurity is only as strong as your weakest link).

Use complex, unique passwords for all work-based accounts (a password manager can really help you here).

Use multi-factor authentication on all work accounts where such technology exists.

2. Robust backup and test restore procedures:

Whether your business is all cloud-based or still uses a mix of cloud and server devices, a robust and rigorous backup system is the cornerstone of any IT security strategy. Accidental deletion as well as loss or damage are all good reasons to back up your data, let alone a cyber-attack.

Regular backups mean that if your “live” data does get encrypted, you have a fighting chance of being able to restore your data back to the last backup time.

This all works well in theory, if your backup process actually works, and you regularly test that it works. Crossing your fingers and hoping for the best is not the best approach!
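
One way to carry out the test restore described above, as an added example that is not part of the original article: record a SHA-256 manifest of the live files at backup time, then restore to a scratch location and compare the two. The function names, folder layout and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's relative path to its SHA-256, recorded at backup time."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Compare a test restore against the manifest and report every discrepancy."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "changed": sorted(p for p in manifest
                          if p in restored and manifest[p] != restored[p]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a live folder and a test restore with three faults."""
    samples = {"accounts/q1.xlsx": b"ledger", "hr/staff.docx": b"staff list",
               "logo.png": b"\x89PNG"}
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for name, data in samples.items():
            for root in (live, restored):
                target = root / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = build_manifest(live)  # taken when the backup runs
        (restored / "hr/staff.docx").unlink()                 # backup never captured it
        (restored / "accounts/q1.xlsx").write_bytes(b"\x00")  # corrupted or encrypted copy
        (restored / "unknown.txt").write_bytes(b"x")          # not in the live data
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A restore test passes only when all three lists are empty; keep the manifest somewhere the live systems cannot overwrite it.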