Ransomware Payment: To Pay, or Not to Pay? Is the Question - Spiceworks


When Colonial Pipeline was brought down by a group of hackers in 2021, the company was forced to shell out $4.4 million in ransom to restore their oil operations. In early July last year, REvil demanded $70 million in ransom, the highest ever. Despite federal and homeland security agencies dissuading companies from attempting to pay ransoms, the Veeam 2022 Ransomware Trends Report found that 76% of organizations admit to paying ransomware criminals, with one-third still unable to recover data.

In fact, remote work also opened the floodgates for cyberattacks that birthed the demand for ransoms in return, experts hinted. According to Reuters, up to 1,500 businesses were affected by ransomware attacks last year. Another report by the Institute for Security + Technology found that the total amount paid by ransomware victims increased by 311% in 2020, reaching nearly $350 million worth of cryptocurrency. It therefore begs the question – what happens when organizations are hit by a ransomware attack? Is paying ransom a good idea? What happens if companies pay ransom to restore data? How can companies prepare to safeguard against ransomware attacks? Here’s a peek at what security experts advise companies to do if hit by a demand for ransom:


What Happens When Hit By a Ransomware Attack 

There is no silver bullet when it comes to protecting against ransomware. A prime example of this was the WannaCry virus attack in May 2017, where 200,000+ computers worldwide were infected due to a weakness in Windows SMB, EternalBlue, which allowed hackers to hijack computers running on an unpatched Microsoft Windows operating system. Users were asked to pay anywhere from 300-700 bitcoins to decrypt the data in 3 days. After encrypting data on infected computers, ransomware attackers often ask users to pay to decrypt the data and give them a set number of days before they have to pay or risk losing their data, Vishal Salvi, CISO and head of cybersecurity practice at Infosys, a global digital services and consulting corporation, told Spiceworks.

With each passing day, ransomware attacks are getting more and more potent. According to cybersecurity experts, cyber criminals are well versed in exploiting weaknesses in enterprise IT systems.

“One vulnerable entry-point can expose the business to crippling cyber-attacks. The goal of a typical ransomware attack is designed to block access to your system and demand a fee to be paid to regain access. This can only work if the attackers endanger business continuity or steal valuable data,” – Dave Russell, vice president of enterprise strategy at Veeam, a data protection company.

Moreover, experts believe the specific outcome of a ransomware attack can vary. Generally speaking, ransomware attacks prevent the victim from accessing their data and systems, requiring a ransom to be paid to regain access.

“When the attack is categorized as locker ransomware it possesses the ability to disable a device, rendering it useless. Crypto ransomware on the other hand encrypts the victim’s data and scrambles the file contents to make it unreadable,” Mark Guntrip, senior director, cybersecurity strategy at Menlo Security, pointed out.


To Pay, or Not To Pay? That Is the Question 

As per the Veeam report, paying cybercriminals to restore data is not a data protection strategy. There is no guarantee of recovering data. The report found that 24% of organizations who paid the ransom were not able to recover data, whereas 52% who paid the ransom were able to recover data. Additionally, 19% of organizations did not pay the ransom because they were able to recover their own data, the report said. So, should organizations really pay or not pay the ransom to recover their data?

In 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that paying ransom to cybercriminals is now illegal. “In case of a ransomware attack, organizations should immediately contact the respective country’s Computer Emergency Response Team (CERT) and internal cybersecurity SWAT teams should initiate an in-depth analysis to assess the extent of the data to remediate,” Salvi noted.

According to the report by the Institute for Security + Technology, global IT professionals have found that, of the organizations reporting a ransomware attack, 27% of victims chose to pay the ransom requested, with small variations at the regional level in terms of the average amounts paid ($1.18 million in APAC, $1.06 million in EMEA, and $0.99 million in the United States).

However, when it comes to paying ransom, cybersecurity experts recommend following the FBI’s and homeland security’s advice, which is to not pay ransom. But what can companies do when an attack encrypts critical assets and begins to directly impact operations?

“Paying ransom is dependent on your level of preparedness – do you have the right processes and strong back up in place? If so, you likely won’t be in a position where fulfilling the payment is necessary. If the outcome is your organization is unable to function as normal, access data or the damage is business ending, that’s when you need to re-evaluate your options.” – Mark Guntrip, senior director, cybersecurity strategy, Menlo Security

According to Danny Allan, CTO at Veeam, a “modern data protection strategy” should be in place as a clear indication of the organization’s commitment to never pay the ransom. “Educate employees and ensure they practice impeccable digital hygiene; regularly conduct rigorous tests of your data protection solutions and protocols; and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios,” Allan added.


How To Safeguard From Ransomware Attacks 

Guntrip added that the best way to remain secure against ransomware attacks is to prevent the initial access onto the network and ensure your teams and your systems are prepared should an attack happen. “With organizations adopting forms of hybrid work models and today’s Highly Evasive Adaptive Threats (or HEAT) it’s critical to re-examine your security structures. Adopting a zero trust approach powers organizations to be proactive when it comes to their security measures to ensure their security stack is preventative, stopping attacks before they can even happen,” he told Spiceworks.

Several reports confirm that organizations must invest in educating their employees about phishing and cyberattacks as they are the first line of defense in any ransomware attack. Nurturing and training workers and equipping them with information and resources is like building security from the inside out, Salvi said.

“Security has to be a collective responsibility. Security engineers need to have SLAs that require proactive monitoring and employees must be made aware of possible vulnerabilities through passive and just-in-time training.” – Vishal Salvi, CISO and head of cybersecurity practice at Infosys

Additionally, enterprises should invest in advanced threat detection and prevention solutions powered by AI and machine learning algorithms, which can adapt to detect and prevent attacks. “A proactive process that focuses on prevention and fast recovery such as installing security updates, disabling unnecessary default settings and backing up critical data is another important aspect,” he added.

Another way of safeguarding your company from a ransomware attack is to have an air-gapped tier to the data protection framework. The Veeam report found that many organizations reported having some level of immutability or air-gap media in more than one tier of their disk, cloud and tape strategy.

“The only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework,” Russell explained.

Finally, if businesses want to win the ransomware battle, they need to focus on education, implementation and remediation. By educating employees, companies can ensure that attackers are not being given access to data and systems they need to initiate a ransomware attack and avoid paying a ransom in return.
