What should organizations do instead of paying a ransom?

stop ransomware

Ilia Sotnikov security strategist & VP of user experience, Netwrix gives us insight into how to deal with a ransomware attack.

According to the National Cyber Security Centre (NCSC), cyber attacks are at an all-time high and it has recorded increased ransomware attacks in the UK during 2021. The NCSC has dealt with a 7.5% increase in cases up to August 2021 and they are advising companies not to pay up. The head UK spy agency GCHQ says the number of ransomware attacks on British institutions has doubled in the past year.

With attacks like this rapidly increasing, what should organizations do if they fall prey? Should they pay up and hope for the best, or refuse and risk further attacks? One could only hope to avoid making this choice. Here are some do’s and one don’t to manage the risk of almost inevitable ransomware.

Don’t pay the ransom

The FBI offers three reasons to never pay a ransom. Firstly, there is no guarantee the victim will get the decryption key once the money has been paid. Moreover, even if you receive the key, there is no guarantee you will restore operations overnight. 

Secondly, if companies do pay, there’s nothing to stop hackers from attacking them repeatedly, and each ransom demand could be higher than the last. In the NCSC’s Weekly Threat Report (Dec 3rd), a further trend report from Group IB shows a 935% increase in double-extortion ransomware attacks since 2020.

Thirdly, by paying a ransom companies encourage the ransomware business model and put other organizations at increased risk. That is why the idea of making paying a ransom illegal gains momentum.

How to handle the risk of ransomware attacks

There are two sides to this coin: you want to reduce the chance of a successful attack, and you have to minimize possible damage if it happens. The key concepts thus are layered security and defense in-depth approach. We will talk about some of its components below.

But to make any security program work, the employees should be aware of at least the security essentials. Therefore investing in education and training is vital and cybersecurity awareness among personnel should be one of the top priorities of an organization.

However, even the most comprehensive training cannot guarantee that employees will always follow the best security practices. Just a single careless click on a link in a phishing email can unleash ransomware across an entire IT environment. Every organization should assume it will suffer a ransomware infection and be prepared to react. An effective plan requires fast detection, response, and data recovery.

Inventory data 

To reduce the risk of losing access to sensitive data, such as the personally identifiable information of employees and citizens, organizations must know exactly what types of data they store. They must secure the data according to its value. Automated data classification helps deliver better awareness of the existing data, who has access to it, and how sensitive it is. This means the organization can put measures in place, protecting key assets. Simply put, you can’t protect all the data, so concentrate on what is really important.

Since ransomware often relies on the access rights of the user account it has compromised, continuously enforcing least-privilege principles will minimize the amount of data that can be encrypted in an attack. 

Anomaly detection 

Organizations must monitor user behavior across all critical systems and data, on-premises and in the cloud. Timely discovered unusual activity might point to an attack. Changes to the list of restricted file extensions or an increased frequency in file modifications are the reason to get worried. Data exfiltration or encryption doesn’t happen immediately; both take time, particularly in distributed heterogeneous environments with large amounts of data. 

Timely detection and counter-action at the early stage of cyberattacks are essential to keep the damage to a minimum.

Incident Response Plan

Organizations need to document the steps for responding to signs of an attack, including who is responsible for what and at what level. Since the staff, the IT environment, and the threat landscape are always changing, the plan needs to be tested regularly and updated as required.

Align backup and recovery 

Organizations need to optimize their backups to ensure that the most crucial data and services can be restored quickly. After this, with the detailed information on which files were modified or deleted during a ransomware attack, IT teams should only restore what suffered. This reduces the scope of efforts needed, accelerates the recovery process, and minimizes service disruptions. 

Read More:

No organization wants to choose between paying a ransom or suffering serious damage after refusing to pay. Instead, companies can prevent as many ransomware infections as possible through user education and preparing for the worst-case scenario. Confident in their ability to quickly restore access to systems and data, organizations won’t ever need to consider paying a ransom again.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of ransom, Cyber Security, What should organizations do instead of paying a ransom?

Ilia Sotnikov

Ilia Sotnikov is the security strategist & VP of user experience at Netwrix

Nutanix on OVHcloud US Offers a Hybrid Multicloud Solution

Joon Lee • 11th September 2023

Nutanix is a leading cloud computing software company that helps companies simplify their cloud strategies by using hyperconverged infrastructure (HCI) environments. Hyperconvergence is a software-centric architecture that tightly integrates compute, storage, networking, and virtualization resources and other technologies on commodity hardware servers supported by a single vendor.

OVHcloud Is at the Forefront of the Data Revolution

Karen Kokiko • 11th September 2023

Information technology is going through a digital transformation and reshaping how we do business, how we interact, how we make decisions, and how we influence our society. OVHcloud® is at the forefront of this data revolution, standing apart from the competition with a strong commitment to creating a level playing field and the opportunity for...

Right Sizing & Workload Optimization in the Cloud

Joon Lee • 11th September 2023

Organizations facing the challenges of scaling their cloud infrastructure can achieve improved performance by implementing the principles of right sizing their infrastructure. This practice is essential for optimizing cloud infrastructure and enhancing its overall effectiveness. In this guide, we will discuss the benefits of right sizing, including optimizing costs, eliminating waste and improving performance. We’ll...

OVHcloud Is at the Forefront of the Data Revolution

Karen Kokiko • 11th September 2023

Information technology is going through a digital transformation and reshaping how we do business, how we interact, how we make decisions, and how we influence our society. OVHcloud® is at the forefront of this data revolution, standing apart from the competition with a strong commitment to creating a level playing field and the opportunity for...

Can Europe take on the US Cloud giants?

Richard Hilton • 30th August 2023

With so many issues coming up about cloud storage, what is the solution to the dominance of the major giants like AWS (32%), Microsoft (23%) and Google (10%) taking 65% of the world cloud market?

The race to dominate the AI space

Kevin Cole • 24th August 2023

The launch of Chat GPT-4 in March of this year provided the catalyst for a conversation that has been gaining momentum for some time now: How will artificial intelligence (AI) change the world?