NetworkTigers on whether businesses should pay for ransomware attacks.
Ransomware attacks are growing at an alarming rate threatening enterprises around the world. The attacks increased in 2020 and 2021 due to a shift to remote working, leaving businesses vulnerable to cybercrimes. It’s a problem that cybersecurity professionals are grappling with as they try to establish why organizations continue to pay ransoms and how to resolve this issue.
Paying the ransom: To pay or not to pay?
According to recent research of global IT professionals conducted in 2022 by Statista, 72% of respondents paid a ransom to recover their stolen data. But paying attackers to access your information is not a data protection strategy. It also creates a vicious circle and does not guarantee that businesses will regain their systems or sensitive data.
In 2020, The U.S. Department of the Office of Foreign Assets Control announced that paying ransom to cyber attackers is illegal. Due to the announcement, the U.S. states of Florida and North Carolina have banned state government agencies from paying ransoms. Texas, New Jersey, Pennsylvania, and Arizona are also considering similar laws, while New York proposes prohibiting government agencies and organizations from paying criminals.
Businesses should contact the Computer Emergency Response Team in case of an attack. At the same time, in-house cybersecurity personnel should assess the cost-benefit analysis of whether to pay hackers and determine the extent of the compromised data. When paying criminals, decisions should be made on a case-by-case basis.
The ransom demand should be weighed against the cost of not paying, which may include legal risk if clients decide to go to court if their information gets leaked by the attackers, business disruption, and loss of confidential data. For instance, clients in the legal industry opt to pay to avoid reputational damage to their company.
It may also be cheaper to pay the hackers than to recover the systems or data from backups. However, whether you decide to pay depends on whether you trust attackers to delete the compromised data.
What happens to businesses hit by ransomware attacks?
Ransomware attacks are getting more potent as hackers exploit weaknesses in organizations’ IT systems. Vulnerable entry points can expose companies to crippling attacks. These attacks aim to prevent access to your computers and demand a ransom to regain access.
Generally, ransomware attacks prevent victims from accessing their computers and data until a ransom is paid. After encrypting information on affected servers, cybercriminals often give users a certain number of days to pay a ransom to decrypt their data or risk losing the information.
However, the specific outcome of ransomware attacks can vary. When the attack is categorized as crypto-ransomware, it encrypts the user’s data and mixes up the file contents, making it unreadable. On the other hand, locker ransomware disables devices, rendering them useless.
How to prevent ransomware attacks
When ransomware attacks begin to affect operations and encrypt important assets, enterprises should evaluate their current cybersecurity practices and create a business continuity plan. This is a detailed document with action plans showing how your organization will function during long and short-term disruptions.
The document summarizes your organization’s assets, clients, partners, processes, and every aspect of your organization that may be impacted. For your business continuity plan to be effective, you should:
Reframe your existing business continuity plan
In reaction to COVID-19, it’s crucial to examine your current plan and implement these four new development areas:
- Backup various systems – Ensure your revised plan offers security to individual hardware and systems to operate optimally. These solutions are not meant to replace your current systems but support existing systems to maintain operation.
- Minimize downtime – The high cost of downtime is one of the primary reasons businesses pay ransom. Your new plan should ensure clients experience little to no downtime while recovering from an attack.
- Implement comprehensive solutions – Past solutions rely on physical storage with slower response times. Your new solutions should provide room for more connectivity and fluidity.
- Offer unlimited data storage – If your backup systems are stored far away from central business operations or in different facilities, embrace cloud networks to keep your information in architectures you can easily organize and access.
Review your existing business continuity plan
Reviewing your plan is critical as it will help you avoid paying hackers. Pay attention to these development areas:
- Identify important business areas – Determine the components of your enterprise that are vulnerable to attacks. This may include all the departments likely to be impacted by attacks.
- Compare the business operations and areas – Analyze how these systems operate alongside each other and how they integrate.
- Create a plan to reduce downtime and maintain operations – After analyzing your strategy, share it with stakeholders to ensure they understand their assigned roles when an attack happens.
- Define the scope of your project – Write down what the plan covers and its goals.
- Identify crucial functions – Determine the essential operations of your company.
- Determine the Recovery Point Objective (RPO) for each role – Discuss how much downtime is acceptable without ruining your firm’s reputation and incurring a financial loss.
How NetworkTigers can help stop ransomware attacks
Many businesses pay for ransomware because they rely on outdated cybersecurity practices or put in place backup systems without testing them. Contact us today to see how we can help you.