Should You Pay Ransomware? No, Do These 6 Things Instead


Ransomware strikes. Your critical data files have been encrypted and your business grinds to a halt. Do you:

a) spend countless hours rebuilding from backups (if you were diligent enough to ensure they’ll work) or

b) pay the perpetrator to unlock your files?

Now that ransomware is spreading like wildfire through malicious emails, “malvertising” campaigns, and exploit kits, many firms and individuals face this exact scenario.

The cost to recover from backups is often drastically higher than simply paying the criminal’s asking price. Once you add up third-party service provider fees, regulatory penalties, business downtime, and reputational damage, the actual ransom may not seem so significant. So should you pay the ransom for the key to unlock your files?

The FBI says no. Last year the Bureau issued a warning regarding ransomware. Their current stance on paying the ransom to criminals is the following:

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

With that in mind, to combat ransomware, firms must be well prepared and ready to respond. Here are six ways to do just that:

1. Have a consistent, reliable system backup in place.

Test these backups periodically as well.

2. Patch servers, computer systems, and mobile devices on a scheduled basis

Don’t let outdated software expose your company to a major well-known vulnerability.

3. Update Anti-Virus software regularly

New viruses pop up on a daily basis. Anti-virus programs adjust accordingly, but you must keep them updated. Set them to auto-update if possible.

4. Limit user access to an “as needed” basis

If a lower-level employee’s machine is infected, this may help contain the problem.

5. Develop written documentation such as a Business Continuity Plan, a Disaster Recovery Plan, and an Incident Management Plan.

Having plans already in place lets you spring into action immediately, with minimal hiccups and without having to research, plan, and implement a response on the spot.

6. Consider Cyber Liability Insurance, as many of the costs related to a cyber breach can be recovered or mitigated.

Cyber Liability Insurance might give you peace of mind in the assurance that if something does happen, you’ll have coverage.

Ransomware cases are being reported at a steadily increasing rate. As they say, it’s not a case of if, but when. Since paying the ransom should not be an option, solid preparation with input from all departments and the board should be a high priority when discussing your company’s cyber risk exposures.

At The ALS Group, we consult businesses in a variety of different industries on cyber exposure, purchasing cyber insurance, and developing mitigation strategies and plans. Contact us today to speak to a risk specialist with absolutely no obligation.

 


Our areas of expertise include:

  • Enterprise Risk Management (ERM)
  • Cyber Security & Cyber Liability Insurance
  • Construction Management
  • Customized Risk Management Assessments (RMAs)
