Since WannaCry swept the world in 2017, ransomware has become a network administrator’s worst nightmare, and not without reason: the devastating WannaCry ransomware attack affected more than 200,000 computers across 150 countries and caused huge damage. Other notable ransomware attacks like Petya and Bad Rabbit also did significant damage. No organization is safe. Ransomware operates when hackers gain access to systems and encrypt the data, locking the original users out. The users are then threatened that their information will be deleted or leaked unless they pay a ransom (mostly in the form of a cryptocurrency), after which they are promised the key to decrypt their data.
So what should an organization do in this worst-case scenario? If it does get hacked and all the data is in the hands of malicious hackers who threaten to return it only if a ransom is paid, should the organization pay?
The advice from most security experts is: No.
Don’t give in to the criminals
Consider the Telstra Cyber Security Report 2017: it found that 60% of Australian organizations had experienced a ransomware attack in 2017, with 57% paying the ransom. However, only one in nearly three organizations got their data back. The conclusion from this is simple: paying the ransom does not guarantee that a company will get its data back and, more importantly, it only adds to the problem.
Paying the ransom encourages cyber criminals to continue this kind of attack. It also marks the company as a weak target, one that is willing to pay to get its data back. In this sort of situation, the criminals already have the upper hand. Even if they do provide the decryption key (and that is a very small possibility), the company may well be targeted again, as it has already advertised itself as willing to pay a ransom. Hackers may also simply increase the ransom when they see that an organization is willing to pay.
No guarantee of data return
But perhaps more crucially, there is no guarantee that the company will get the data back, so the ransom paid may be a complete waste of money. The hackers have little incentive to return the data – they would prefer to stay anonymous. In the case of WannaCry especially, there was no mechanism to determine who had paid the ransom, which meant the data could stay encrypted even after payment.
In desperate situations, companies may feel they have no other choice, but they should think about the consequences and rebuild their organizations instead. Prevention is always better than cure, and some ways in which an organization can keep its security systems robust are:
- Deploying proper security solutions: A strong security solution will go a long way in maintaining an organization’s defence. Seqrite’s Endpoint Security (EPS) offers in-built protection against ransomware and is a good option to protect networks from advanced threats.
- Using a DRaaS solution: A Disaster Recovery as a Service (DRaaS) solution replicates and hosts physical and virtual services in a second location. If a disaster hits the original site, the services can be accessed and backed up from the second site. Using this kind of solution can help an organization recover from ransomware.
- Employee awareness: Organizations can go a long way by educating their employees about the danger of different types of malware, including ransomware. This kind of training can involve awareness of suspicious links, phishing scams, compromised attachments and similar methods through which systems can be compromised.
Ransomware attacks can seem scary and devastating when they hit. But network administrators and company heads must keep their heads in a crisis. While the temptation to pay the ransom will be strong, it is always important to remember that it may just be a wasted payment and lead to more damage in the long run.