Why you should never pay ransomware demands (and what to do instead)

It’s a situation no one wants to be in, but the growing prevalence of ransomware attacks increases the chances that your organization will be hit by one in the future. In fact, Cybersecurity Ventures predicts that, by 2021, there will be one ransomware attack on businesses every 11 seconds, driving up annual global ransomware damage costs to CAD25.397 billion (USD20 billion).

These numbers are enough to scare any victim into paying the ransom, no matter how exorbitant the amount may be. This is especially true for those who don’t have secure backup systems or can’t afford to lose access to their files, such as healthcare facilities.

Why shouldn’t you pay the ransom?

But according to cybersecurity experts and law enforcement officials, victims should never pay ransomware demands. This is because:

There’s no guarantee that you’ll regain access to your files or systems. In fact, according to a 2016 survey by Kaspersky Lab, one in five victims that pay the ransom don’t get the decryption key they were promised. If they do get a key, it may be one that doesn’t work or is incompatible with their operating system.

You’d only be encouraging and enabling cybercriminals. Paying the ransom tells cybercriminals that you’re an easy victim — they’ll be likely to exploit your weakness and hit you with ransomware again and again. Also, paying tells them that ransomware, as well as other forms of cybercrime, still work. This will embolden them to attack other organizations. What’s worse is that you will have played a part — albeit indirectly — in furthering illegal activity, as the cybercriminals will be using your money to carry out more ransomware attacks.

It may be possible to restore encrypted files yourself. Many ransomware victims who paid up weren’t aware that they could have downloaded ransomware removal and decryption tools to recover their files. Decryptors are available for many ransomware variants, but if there is none for the type that infected your systems, you can always try restoring your files from an offline backup.

What should you do if ransomware hits?

The first thing to do is to isolate the infected computer by disconnecting it from your local network and other devices, as well as the internet. This will prevent the ransomware from spreading to other devices on your network or to file hosting and syncing services such as Microsoft OneDrive. Take a photo and/or screenshot of the ransom note, as you will need this when you report the attack to authorities.

Next, inform your in-house IT team or managed IT services provider about the attack. They will perform a series of tasks to remove the ransomware and keep it from encrypting new files, as well as try to recover infected files using the appropriate decryption tool, if available.

How do you protect your business against ransomware?

You can minimize the risk of ransomware by following these tips:

  1. Back up your data regularly. This ensures that even if ransomware infects your computers, you will have copies of your files so your business can go on as usual. But before you restore your files from backups, scan the backups to ensure that they haven’t been infected. Also, make sure to keep a backup off-site and not connected to your company’s primary network so you’ll always have one copy of your files that’s safe from deletion or encryption in case of a ransomware attack.

  2. Apply software patches and updates as soon as these become available. Outdated software is a common entry point for ransomware. Ensuring your operating system and programs are always up to date adds another layer of defense against ransomware attacks.

  3. Educate your staff. Knowing how ransomware spreads, what its signs are, and what to do when it strikes will help your employees stay one step ahead of cybercriminals.

  4. Invest in cybersecurity tools. Beyond the latest antivirus and anti-malware software, you also need next-gen firewalls, email filtering tools, and DNS filtering software to keep out ransomware.

  5. Have a ransomware response plan in place. Your plan must detail the steps to be taken during and after an attack, including how to reinstall data from backups and whom to notify.

Ransomware is just one of the many threats organizations of all sizes and across all sectors face today. To ensure all-round protection against even the most pernicious threats, partner with Quicktech. With our proactive approach to cybersecurity, you can rest easy knowing that all aspects of your IT infrastructure are safe and secure. Talk to us today — call 604-709-8324.