What should organizations do instead of paying a ransom?

stop ransomware

Ilia Sotnikov security strategist & VP of user experience, Netwrix gives us insight into how to deal with a ransomware attack.

According to the National Cyber Security Centre (NCSC), cyber attacks are at an all-time high and it has recorded increased ransomware attacks in the UK during 2021. The NCSC has dealt with a 7.5% increase in cases up to August 2021 and they are advising companies not to pay up. The head UK spy agency GCHQ says the number of ransomware attacks on British institutions has doubled in the past year.

With attacks like this rapidly increasing, what should organizations do if they fall prey? Should they pay up and hope for the best, or refuse and risk further attacks? One could only hope to avoid making this choice. Here are some do’s and one don’t to manage the risk of almost inevitable ransomware.

Don’t pay the ransom

The FBI offers three reasons to never pay a ransom. Firstly, there is no guarantee the victim will get the decryption key once the money has been paid. Moreover, even if you receive the key, there is no guarantee you will restore operations overnight. 

Secondly, if companies do pay, there’s nothing to stop hackers from attacking them repeatedly, and each ransom demand could be higher than the last. In the NCSC’s Weekly Threat Report (Dec 3rd), a further trend report from Group IB shows a 935% increase in double-extortion ransomware attacks since 2020.

Thirdly, by paying a ransom companies encourage the ransomware business model and put other organizations at increased risk. That is why the idea of making paying a ransom illegal gains momentum.

How to handle the risk of ransomware attacks

There are two sides to this coin: you want to reduce the chance of a successful attack, and you have to minimize possible damage if it happens. The key concepts thus are layered security and defense in-depth approach. We will talk about some of its components below.

But to make any security program work, the employees should be aware of at least the security essentials. Therefore investing in education and training is vital and cybersecurity awareness among personnel should be one of the top priorities of an organization.

However, even the most comprehensive training cannot guarantee that employees will always follow the best security practices. Just a single careless click on a link in a phishing email can unleash ransomware across an entire IT environment. Every organization should assume it will suffer a ransomware infection and be prepared to react. An effective plan requires fast detection, response, and data recovery.

Inventory data 

To reduce the risk of losing access to sensitive data, such as the personally identifiable information of employees and citizens, organizations must know exactly what types of data they store. They must secure the data according to its value. Automated data classification helps deliver better awareness of the existing data, who has access to it, and how sensitive it is. This means the organization can put measures in place, protecting key assets. Simply put, you can’t protect all the data, so concentrate on what is really important.

Since ransomware often relies on the access rights of the user account it has compromised, continuously enforcing least-privilege principles will minimize the amount of data that can be encrypted in an attack. 

Anomaly detection 

Organizations must monitor user behavior across all critical systems and data, on-premises and in the cloud. Timely discovered unusual activity might point to an attack. Changes to the list of restricted file extensions or an increased frequency in file modifications are the reason to get worried. Data exfiltration or encryption doesn’t happen immediately; both take time, particularly in distributed heterogeneous environments with large amounts of data. 

Timely detection and counter-action at the early stage of cyberattacks are essential to keep the damage to a minimum.

Incident Response Plan

Organizations need to document the steps for responding to signs of an attack, including who is responsible for what and at what level. Since the staff, the IT environment, and the threat landscape are always changing, the plan needs to be tested regularly and updated as required.

Align backup and recovery 

Organizations need to optimize their backups to ensure that the most crucial data and services can be restored quickly. After this, with the detailed information on which files were modified or deleted during a ransomware attack, IT teams should only restore what suffered. This reduces the scope of efforts needed, accelerates the recovery process, and minimizes service disruptions. 

Read More:

No organization wants to choose between paying a ransom or suffering serious damage after refusing to pay. Instead, companies can prevent as many ransomware infections as possible through user education and preparing for the worst-case scenario. Confident in their ability to quickly restore access to systems and data, organizations won’t ever need to consider paying a ransom again.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Ilia Sotnikov

Ilia Sotnikov is the security strategist & VP of user experience at Netwrix

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...