You’ve probably heard about cities across the U.S. being held hostage by ransomware attacks. It seems like attacks like these are making headlines every couple of months. The story is usually the same, a city agency or perhaps the entire city’s government computers are taken over by ransomware. The hackers claim they will release their data if the city pays them. However, these types of attacks use encryption to hold the data hostage and the decryption keys that the hackers offer may or may not work. 

So, how can you avoid finding yourself in a hostage situation? What should you do if it happens to you?

 

ransomware-situation

To Pay or Not to Pay?

Often, stories about ransomware attacks pose the question: to pay or not to pay? But, the reality is a bit more complicated. Every situation is different. It depends on:

  • How much data is being held hostage
  • Is the data backed up
  • How much would it cost to replace lost equipment and data

The first thing you should do when your data is being ransomed is to call the FBI. Even if they can’t help you get your data back, they can use the information from your attack to try to find the hackers. 

The second thing you should do is call your insurance company. They may be able to guide you through the ransom process and determine what the costs may be whether or not you pay the hackers.

The next thing you should do is contact a cybersecurity firm. They can help you determine how much data has been taken, whether existing backups minimize the damage, and what recovery or replacement costs might be.

Once you’ve worked with the experts, then you can make an educated decision. Is the cost of the ransom less than it might be to replace any infected equipment? Are you willing to pay criminals to get the data back? How likely is it that the hackers will give you a decryption key that works?

  

ransomware-attackHow to Avoid the Difficult Choice

The best way to handle the “to pay or not to pay?” question is to avoid being put in a difficult position in the first place.

Train Staff on Phishing

Most ransomware attacks begin with email phishing. Phishing emails try to gain sensitive information or get the reader to download or click on something by pretending to be from a legitimate source. To avoid falling prey to phishing attempts, train all staff on how to detect and avoid falling for false emails. This training should be repeated annually as a reminder and so that the training can keep up with phishing trends.

Get a Next-Gen Firewall

Your firewall is your first line of defense when it comes to ransomware and other malware attacks. A next-gen firewall uses artificial intelligence, rather than relying on a database like traditional firewalls, to identify threats and attacks as they are happening. Intercept X, from Sophos, offers next-gen defense against many kinds of threats.

Keep up with Patching

Keeping your systems and network up to date with patching will also help protect you from malware that makes it through other lines of defense. To make it easier to keep up with patches as they’re released, consider using a patch management tool that can schedule patch installation.

Check for Vulnerabilities

Performing vulnerability assessments or scans on a regular basis can help you identify weaknesses in your network, firewall, and other systems. Sometimes a software update can create a vulnerability, but that weakness will be quickly identified by a vulnerability scanning tool. Some tools will suggest remediation plans as well.

The Cost of Security

While the ransom is often less than the price of replacing equipment, the cost of a strong security posture is even more affordable. Let us guide you in determining the right security posture for your organization.  Contact us for a FREE review of your security posture