If you are unfortunate enough to become a victim of ransomware, one of the first questions that comes to mind is “Should I just pay the ransom and get this over with to get my data back?”
The answer, for a number of reasons, should be a firm and resounding NO! The reasoning for this is complex, especially since some of the newer Cyber Insurance policies include ransom payments as part of the coverage.
The single biggest reason not to pay the ransom is simply this: paying the ransom does not guarantee that you will get your files back, especially since one or more of the following is likely:
- The ransomware was poorly written, and the decryption algorithm doesn’t work.
- Some attackers will only restore a few files as proof-of-restoration and then demand a second larger ransom to restore the rest.
- The Command & Control server has been taken down and the decryption keys have been lost.
- Law enforcement may have arrested the cybercriminals.
- The communication method to the cybercriminals has been misconfigured or disrupted.
- The crypto-wallet address in the ransom note is incorrect or has been hijacked by another attacker.
- The attack was targeted and meant to disrupt operations for a different motivation (stock manipulation, conceal data theft, etc.).
All of these reasons shed light on the scary fact that even if you pay, you will probably not get your data back and you will have contributed to the cyber terrorism industry.
Why the Increase in Threats?
“Ransomware-as-a-Service” has enabled low-skilled cybercriminals to get into the ransomware game via access to sophisticated ransomware tools for little to no cost, which they then “rebrand” as their own. Cybercriminals used to have to build a reputation as a brand that would actually decrypt your files, which took time and investment in developing code that reliably worked. Now that the fear of ransomware has increased and the barrier to entry is so low, there is little incentive to invest in building ransomware that decrypts your files. This new trend, combined with a growing business philosophy of “pay the ransom since insurance will cover it,” makes it unlikely that infected files can be decrypted or that you will even receive a decryptor key to try.
Never Negotiate with Terrorists
Another problem with paying the ransom goes back to the famous government policy of “never negotiate with terrorists.” If you give a cybercriminal funds, you’re incentivizing them to keep victimizing people as a legitimate source of revenue. You allow them to expand their operations with more computing power (their “weapons” in this case) and to hire more cybercriminals to help them grow their criminal enterprise, and you let them know that you’re a soft and juicy target to victimize again in the future.
What do I do then?
If you’ve been victimized, the first step in recovering your data and systems is to pull the plug on the infected computer and then get skilled IT personnel to respond to the attack immediately. LMT Technology Solutions is highly skilled in ransomware removal and data recovery. Identifying the infection and removing it from the network quickly can considerably reduce the impact of ransomware.
While the national average for ransomware recovery is around 6 days, the average time for LMT Technology Solutions clients is 1 day. The key to a quick recovery is taking preventive measures to harden your environment and ensure that backups are secure and readily available. Such measures include:
- Requiring Security Awareness Training for all end-users to build your human firewall and to reduce the chances of users inadvertently allowing ransomware into their company’s computer systems.
- Offering off-site secure replication of backup data.
- Implementing advanced central monitoring of server backups and auditing it daily.
- Implementing advanced firewall rules to block communications between ransomware and the associated Command & Control servers.
- Implementing aggressive anti-virus and anti-malware software utilizing heuristics (artificial intelligence) to block execution of suspicious programs and auditing it daily.
If you’re concerned about ransomware and aren’t confident in your current IT personnel having the time and expertise to protect you adequately, or if you’re already an LMT Technology Solutions client but aren’t utilizing all the services above, please feel free to contact us at 585-784-7470. We’ll be glad to discuss how we can best assist you with mitigating the risks of ransomware to your business.