Responding to ransomware attacks

Responding to ransomware attacks

Responding to ransomware attacks In a recent report, based on data from the Institute for Critical Infrastructure Technology (ICIT), technology website CSO managing editor Ryan Francis said that there are many ways of handling ransomware threats, which is the cyber equivalent of kidnapping, except it applies to important and critical data that are crucial to business operations.

According to the institute the proper response to ransomware depends on the organization’s risk tolerance, potential impact of the hostage data, the availability of system redundancy and recovery, its effect on business continuity and the regulations in place in the scene of the crime.

Further, the report outlines the importance of backup and recovery in dealing with data hostage takers.

“System backup and recovery are the only certain solution to ransomware. If you have a backup system, then recovery is a simple matter of restoring the system to a save point. Otherwise, you could attempt to recover data through shadow copies or through a file recovery software tool; however, many ransomware variants delete shadow copies and some even detect file recovery software,” the Francis said.

He also said that there are cases when it is wise to just pay the ransom, especially if the cost is negligible compared to the damage the disruption will cause on the organization’s business continuity.

“If the culprit actually provides the decryption key, then paying the ransom may alleviate the immediate pressure on the organization. Some attackers may release the system after receiving payment because doing otherwise would reduce the likelihood that other victims will pay,” the author added. “Some attackers recognize this dichotomy of trust. They recognize that if files are never unlocked then no victim will ever pay a ransom.” 

However, he stressed that securing data systems against miscreants is the responsibility of every employee in the company.

“A vigilant cybersecurity centric corporate culture that cultivates an environment of awareness is the most effective means to minimize the attack,” Francis concluded.