Don’t let fear win: saying no to ransomware
With the rise of ransomware attacks, more businesses need to be taking a non-negotiation approach, according to disaster recovery and business continuity company Databarracks.
A key example of this approach working in the victim’s favour is a recent story with Radiohead, the English rock band.
In the case of Radiohead, in response to an attack the band released 18 hours of outtakes from OK Computer to the public, rather than paying the hefty $150,000 ransom, thus putting a stop to the criminal's plan.
However, this approach is not the norm. A recent report showed that more than 50% of SMEs would rather pay the ransom than take a non-negotiation approach. According to Databarracks, this coincides with ransomware attacks increasing at an ‘alarming’ rate.
Already this trend is proving true with several government organisations in the USA paying money to ransomware criminals. This goes against a long-held policy of governments refusing to negotiate with criminals or terrorists.
Databarracks managing director Peter Groucutt says this sets a dangerous precedent and underlines a need for organisations to maintain a non-negotiation policy against ransom demands.
He says, "Given ransomware attacks are becoming increasingly commonplace, there’s no excuse to be unprepared. Agreeing to pay a ransom demand isn’t conducive to long-term security, and emboldens cyber criminals to continue to use this method. There is also a risk of looking like an easy target, potentially inviting further attacks.
"Releasing a collection of unheard songs, demos and outtakes, while unconventional, was a PR masterstroke by Radiohead. This obviously isn’t a viable tactic for businesses dealing with a ransomware attack, but we can learn from Radiohead’s defiance."
In response to the growing number of ransomware attacks and the propensity for victims to give into demands, Groucutt says companies need to trust in their security capabilities and, where possible, emphasise a non-negotiation philosophy.
He says, while this might sound difficult, there is plenty organisations can do from a technology perspective to strengthen their security posture and portray confidence. According to Groucutt, a comprehensive cyber incident response plan including recovery from backup is key.
Groucutt says, "If you are hit by a ransomware attack, you have two choices: recover your information from a previous backup or pay the ransom. However, even if you pay the ransom, there is no guarantee you will get your data back, so the only way to be fully protected is to have historic backup copies of your data.
"When recovering from ransomware, your aims are to minimise both data loss and IT downtime. Defensive and preventative strategies are essential but outright prevention of ransomware is impossible. You need to plan for how the business will act when compromised to reduce the impact of an attack.
"The incident response team or crisis management team must have the authority to make large-scale, operational decisions, taking systems offline to limit the spread of infection. And they must be able to make that decision very quickly."
"Once the ransomware has been isolated and contained, you must find when the ransomware installation occurred to be able to restore clean data from before the infection took hold. When the most recent, clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again," he says.
Groucutt considers that this is a complex issue but maintains there are successful approaches organisations can take.
He says, "The solution might not be quite as simple as releasing a trove of music to the public, but by having a plan in place, you can be confident the impact of a ransomware attack will always be minimal. Preparation breeds confidence, and means you’ll be able to maintain a consistently defiant stance if or when you’re faced with a ransom demand."