Should you pay when ransomware hits you? There are several things to consider first

1640183419 Should you pay when ransomware hits you There are several

Whether paying spyware for data held as an enemy makes sense depends on many variables. Experts explain the variables and why they are important.

Image: vchal, Getty Images / iStockphoto

Whether you should pay spyware to stop deleted data or stop a denial of service attack is a hot topic right now. As with many other issues, on the surface it seems like a simple decision or not. However, if you take the whole picture into account, coming to that conclusion is simple.

SEE: Cybersecurity: Let's Get Intelligent (Free PDF) (TechRepublic)

"At the same time, I sympathize with the calls for a total ban on such payments," said Richard Hummel, Netscout's threat intelligence director. "The international nature of cyber-extraction makes it very difficult to use traditional law enforcement methods. On the other hand, the non-payment damage can be too damaging to sensitive departments. I think about healthcare in particular. If there is a hospital that does not have access to records, which then puts patients' lives at risk, it is difficult to prove that you will not pay up. "


    What to consider when deciding whether to pay for a ransomware application

    As mentioned before, the big picture needs to be considered. “The decision to pay for a ransomware application must be made carefully, with the identification and acceptance of risks and in consultation with various stakeholders: Legal advisor, law enforcement, cyber carrier, and experts security, "Kris Lovejoy, director of global cybersecurity consulting at Ernst & Young Global Limited, wrote in her article Ransomware: To pay or not to pay." In addition, payment may Spy money by the agency or insurer raise questions as to whether payment involves financing of criminal organizations, terrorism, fraudulent states, and / or violating anti-money laundering laws. "

    SEE: Ransomware Attack: Why a small business paid $ 150,000 in damages (TechRepublic)

    Lovejoy strongly believes in being prepared beyond the usual IT infrastructure protections. Here is a list of what should be done to reduce damage from a ransomware attack:

    • Consider getting cybersecurity and business bankruptcy insurance.
    • Maintain a cybersecurity response team with experience in dealing with ransomware incidents.
    • Create corporate policies for paying cash. Lovejoy suggested consulting with internal and / or external consultants and cyberinsurance.
    • Determine who should report in the event of a ransomware attack, including law enforcement, outside advice, insurance carrier and regulators. Lovejoy said, "This should be part of your event response playbook, which should be used, reviewed and updated frequently." Note: In her article, Lovejoy considered disclosure requirements related to the payment of bankruptcy. Unfortunately, governments, regulatory bodies and states are not marching step by step over disclosure. There is help, however; for example, they compiled resources such as the report Ransomware Laws & Data Security: A Guide to Complying with U.S. & EU Breach Information Regulations offered by Varonis Systems and the IT Governance website, which lists data breach notification laws by state. (Please visit state - specific sites for up - to - date data.)
    • Decide when, how and under what conditions the decision would be to pay or not to be paid. Lovejoy suggested using exercises that are similar to potential ransomware incidents, and testing whether decisions made during the exercise work in the event of a real ransomware incident.
    • Find out how cryptocurrency works, as ransom payments are usually made using Bitcoin. In her article, Lovejoy advised, "This (Bitcoin trading) is usually done by a third party. The options will have an external IR and an advisor, as will insurers who may need Note: Hummel urges caution when it comes to transferring assets: “Because cyber-extraction has been extremely beneficial to criminals across the board. in the last few years, the booth industry of companies has risen to the process of making grain payments, and this has made extortions much easier. "
    • Test ability to recover from backup at scale. Lovejoy said, "It's better to assume that your last good backups are also compromised."
    READ  We need to pay more attention to "tech-age" - TechCrunch

    The process is not immediate. Whether you decide to pay or not, it will take time to return to normal business work. Lovejoy highlighted the importance of maintaining the company’s critical functions in line with the business continuity component of the incident-response playbook.

    Why it's important to be prepared for ransomware

    There is no one right answer when deciding whether you should pay cyber-extortionists. Lovejoy and Hummel urge caution when making the decision; in particular, what level of risk is appropriate?

    “The time to test the policy towards ransomware payment is not during the event,” Lovejoy said. "This is even more important because ransomware attackers seem to recognize the limitations of their business model, and begin not only to encrypt data, but to decrypt it."

    For more information on ransomware, read these TechRepublic articles: 5 More Things to Know About Ransomware, Top Five Business Categories Targeted by Ransomware, Research Finds That IT Departments That Have the victim of ransomware forever modified and How to protect your organization's remote endings against ransomware.

    See also

    Related Posts

    Deja una respuesta

    Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *


    We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information