What is Ransomware?
Ransomware is malware that targets computers and networks, locking out users from their systems until a ransom is paid. It is one of the safest forms of cybercrime that can be perpetrated from anywhere in the world, given that it uses sophisticated encryption techniques.
In light of its prevalence, particularly over the past year, how should crisis managers respond to a ransomware attack? What avenues are available for recovery? And ultimately, what are the implications to reputation?
Related: Ransomware as a Crisis
The first step is to take stock of the situation. The ransomware should be identified, including its version and if it can be downloaded by other parties (in which case payoffs will increase). What was the malware’s entry point, through email or via website? Once these steps are completed, it is best to exercise caution, keeping in mind the importance of preserving data. This is because there are many forms of ransomware that don’t guarantee recovery even if the ransom is paid. If possible, try removing it using anti-malware software or by restarting the computer into safe mode.
Now comes the tricky part – determining whether or not to pay the ransom. There are obviously benefits to doing so, as it will end the crisis and return operations to normal as quickly as possible. On the other hand, paying a ransom not only encourages hackers but can also be risky – there is no guarantee that the files will actually be unlocked.
Resource: Make better decisions through simulation exercises
In any case, it is important for organizations to have a plan in place for such attacks. This includes exercising or updating backups, having specialty teams to handle these types of situations and developing relationships with legal experts and cybersecurity firms.
Finally, the implications to reputation should be carefully evaluated before coming to a decision. For example, if an organization is seen as weak in its response and does not pay the ransom, it will come under further attack. Organizations should be prepared to deal with the public relations fallout of these types of attacks, especially given their frequency
Conclusion
Over the past decade, ransomware has become an increasingly dangerous threat on a global scale. Keeping sensitive data secure is paramount to the success of every organization. Despite the best efforts of organizations, cyber criminals are targeting companies of all sizes at an increased rate. The consequences for failure can be disastrous both in terms of financial loss and damage to an organization’s reputation; which could result in reduced revenue opportunities and costly litigation. Organizations must understand how to safeguard their information from ransomware attacks and have a plan in place for a successful recovery when a crisis does occur.
Need help preparing for a Ransomware attack? Contact us today to find out how we can help you prepare.