When threatened with a ransom demand, should you simply submit? There is no simple answer to the question, Steven Usher, Senior Security Analyst of Brookcourt Solutions, explains…
There is no simple answer to the question of whether you should pay the ransom: every incident has a different impact, different circumstances, and various nuances that a general answer cannot account for.
We would all like to think that no one should ever pay the ransom, but that simply is not the case in the real world.
Home users are in a complicated situation because they do not have access to the IT skills, tools, and teams that a business does. In addition, there is a sentimental and home business point of view: personal items such as photos, texts, and videos, or even data linked to a home business, hold sentimental value to people, putting them at risk of having more to lose.
WHEN PAYING SEEMS WORTH THE RISK
For this reason, some may find that paying these smaller ransoms is easily worth the risk, in the hope that their data can be returned. These personal attacks also do not carry the responsibility of having to report the incident. There is also a psychological aspect: the shame linked to these incidents makes them less likely to be shared if one pays the ransom and it fails.
Businesses, however, have numerous other concerns when it comes to the question of whether to pay the ransom. They have to consider factors such as public perception, which could result in a loss of business. Incidents not only have to be reported in an official capacity, but formal public announcements also have to be made when personal data is involved. Then there are some businesses whose daily responsibilities could include vital services, for which paying the ransom may be the quickest and easiest way to restore systems.
WHAT CAN YOU DO? PRACTICE, EDUCATE, PRACTICE, PREPARE
Practice your response to a ransomware incident by war gaming or tabletop gaming an incident and testing the response of the IT teams who would be involved. This allows issues, choke points, and confusion to be addressed before a real-world incident occurs.
Educate all your users, to a level and in a manner suited to their technical knowledge, about the potential ingress points for ransomware and what to do if a ransomware infection is suspected.
REGULAR TESTING ESSENTIAL
Practice restoring backups. While many companies have backup processes in place, the restoration of those backups is rarely comprehensively tested, and numerous issues have been found when restoration is not regularly tested. This will once again allow any issues, confusion, and choke points to be identified.
PREPARE FOR A RANSOMWARE INCIDENT
Prepare for a ransomware incident. While this could be linked to practising your response, and in some ways it is, preparing for an incident in this sense means having email templates ready for internal and, if needed, external users, and ensuring that any public statement that may be needed is prepared in advance, together with any formal responses that may be required.