Ransomware : To Pay or Not ?

The face of the disaster has changed. Ransomware cyber attacks have become a threat that is increasingly common for the small and medium scale merchants. Schulze and James R. Slaby, explain that why protecting your data is critical than ever and quest the timing of paying ransom.

Cyber criminals and national countries, constantly develop and expand their methodology of attack. Institutions are targeted with double extortion ransomware attacks, Covid themed phishing attacks and opportunistic attacks in which the mass orientation to remote working creates the environment.

Today, conventional disaster recovery (DR) plans are insufficient. Getting your datas back after a successful ransomware attack, requires a highly customized disaster recovery strategy, plan and capabilities. This is why recovering from a cyber attack has become more complicated.

An adaptable strategy of risk management that unifies the datas with a functional and agile approach, is the key to protect your business better.

Get Preventing Precautions

Preventing the cyber attacks with a proactive approach, is the best action to avoid the possibility of becoming a victim in the first place. Precaution, takes three main focus point:

Knowledge- Educating your end-users about cyber security and test them with cyber security is a very important step. You would decrease the risk for your business, when they are aware of the risk of their actions.

Technology- Cyber criminals use advanced technologies and strategies to have access to your datas. Using best cyber security practices and latest technologies will be and effective defense method.

Recovery- In a massive attack, quickly restoring clean copies of your backed up data, systems, and applications will minimize the attack effects.

Wait the unexpected

Probably you had no need to plan for a situation like ransomware. You should take precaution for recovering your critical data when broken or encrypted, as you make sure that they are safe properly. This is not a “If” question that you would encounter this is a “when”.

Your conventional recovery plans aren’t sufficient for getting over the new obstacles anymore. You need to inquire for the issues you never thought and solved. Ransomware will test the limits of regular recovery scenarios.

Be prepared for unexpected for preparing to a ransomware attack:

1. Educating the users

Phishing is still the number one attack vector. It provides big income that suspicious links and additions are less clicked.

2.    Protecting and diversifying the back-ups

Back-up files and processes are common targets and may affect the recovery attempts in a significant amount when endangered.

3.    Defining the convenient RPO’s and RTO’s

Calculate how much it would cost you to lose one hour, half day, one day or one week of data for your top level applications. Otherwise you can’t compare the cost of not paying ransom with paying.

4.     DR analysis and planning

Indicate investment income of migrating to failover resources and continuing to operations at a particular point and value of recovery time in economic aspect.

5.    Adding ransomware attack scenarios to your DR researches

Perform live and tabletop (TTX) exercises that include the teams other than IT such as compatibility, law, public relations, investor relations and human resources.

6.    Determining the threshold

Add a cost/benefit analysis exercise to your TTXs and exercises to identify the threshold point where paying the ransom may be less costly than the recovery attempt.

7.    Creating a contingency plan

Learn how and where to pay the crypto currencies, if you need to pay a ransom.

8.    Spreading the technology

AI based ransomware precautions can stop the attacks before they take root.

TTX: Tabletop exercises (Conduct tabletop exercises.)

Ransom or Recovery?

Paying ransom to cyber criminal can be perceived as the only and quick option for your business to get your data which encrypted because of a cyber attack, back. But paying may not guarantee that you will gain access to your encrypted data again. It is so important that thinking through when deciding to pay during a ransomware attack and consider all risks related.

It might consider that enabling the recovery procedures such as uploading back from a back-up or driving failover plans to go back to the business operations quickly. Paying ransom should be thought only if recovery studies aren’t sufficient enough.

In the case that above-mentioned business operations of yours stop, it might choose to pay by comparing the economic loss per unit with the ransom wanted or try for alternative methods.

And finally, if you have been cyber attacked, definitely have a detailed analize and get professional support. So that you can be aware of your security vulnerabilities and cover them. It is accepted that ransomware victims have weak defending and in general these victims are targeted again.