Let’s say you report to work today and find out that all your critical data repositories have been encrypted by a ransomware attack. A hefty ransomware note is prominently displayed on all your computer monitors. Let’s review your options.
You could pay the ransom. If you have a cybersecurity insurance policy, a large share of the ransom might be paid for by the insurance provider. Let’s hope so, because the average paid ransom in 2021 was $570,000, an 82% increase over the year prior.
Even if you are lucky enough to have ransomware coverage, paying the ransom is not a cut-and-dried transaction. First off, law enforcement will pressure you not to pay the criminals; the authorities officially discourage payment because it encourages further attacks.
Technically, it may even be illegal to pay a ransom to an organization listed as a known terrorist group. But there’s an even bigger reason—payment doesn’t guarantee your data gets restored. According to the Sophos State of Ransomware 2021 Report, only 8% of companies that paid the ransom were able to recover all their data. A measly 29% could recover only half of their encrypted data.
You could just ignore the ransom and move on. Of course, your data is gone and many of your servers and workstations are inoperable in their encrypted state.
The average amount of downtime after a ransomware attack in the fourth quarter of 2020 was 21 days. This is one of the reasons why Inc.com reported that 60% of small businesses fold within six months of a cyberattack.
The third option is a get-out-of-jail card kept in reserve for just such an occasion. For those who have a modern backup system supported by a well-designed backup strategy, data restoration can be achieved without paying anyone a ransom.
According to the Inc.com report, 57% of enterprises that fell victim to a ransomware attack were able to restore all their data from an effective backup, and 96% got at least some of their data back.
Don’t think that you’re immune to ransomware. Your enterprise security is only as good as your weakest link, whether that is a user with poor cyber hygiene practices or an unpatched machine.
What’s more, ransomware attacks are no longer a haphazard event. Most attacks are well designed and highly coordinated campaigns that can be broken down into multiple stages, called the “ransomware kill chain.” The preliminary code that launches the attack is often delivered using phishing attacks that coax unsuspecting users into clicking on a link.
Phishing simulations in North America in 2021 show click rates as high as 25%. Ransomware organizations continually mine Common Vulnerabilities and Exposures (CVEs) that they can capitalize on before patches can be created for them.
The attackers often perform reconnaissance to seek out high-value data and scope out your defenses. Today’s ransomware invasions prioritize expansion over encryption, to affect the widest area possible. Often, companies aren’t even aware of an attack until the dreaded ransom note appears.
This isn’t to say that combating ransomware is futile, but it’s crucial to understand that an attack may succeed, and to have a plan for when it does. Remember: hope is not a plan.
That’s why your multi-layer security strategy must include a backup system managed and protected by well-designed policies.
Your backup strategy should include remediation rehearsals (sometimes called tabletop exercises) that test your backups and show how long a full restoration would take.
The moral of the story: don’t ignore your backups. While they may be out of sight, they should never be out of mind.
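One way to make such a rehearsal measurable, as an added example that is not part of the original article: the script below records a hash manifest at backup time, times a restore, and flags files that came back missing or altered. The sample files and the two restore functions are constructed for the demo; in a real drill the restore function would call your backup tool.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256; taken at backup time."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_drill(manifest: dict, restore_fn, target: Path) -> dict:
    """Run restore_fn(target), time it, and compare the result against the manifest."""
    start = time.monotonic()
    restore_fn(target)
    elapsed = time.monotonic() - start
    restored = build_manifest(target)
    missing = sorted(set(manifest) - set(restored))
    corrupted = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"seconds": elapsed, "missing": missing, "corrupted": corrupted,
            "passed": not missing and not corrupted}


def demo() -> dict:
    """Constructed drill: one clean restore and one that silently loses and truncates data."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "source")
        src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")  # constructed sample data
        (src / "notes.txt").write_text("quarterly close\n")
        manifest = build_manifest(src)

        def good_restore(target: Path) -> None:  # hypothetical restore that works
            shutil.copytree(src, target)

        def bad_restore(target: Path) -> None:  # hypothetical restore that silently fails
            shutil.copytree(src, target)
            (target / "ledger.csv").write_text("id,amount\n")  # truncated file
            (target / "notes.txt").unlink()  # file never came back

        return {"good": restore_drill(manifest, good_restore, Path(tmp, "r1")),
                "bad": restore_drill(manifest, bad_restore, Path(tmp, "r2"))}
```

A drill that only checks "the restore job finished" would have passed the second case; comparing hashes against a manifest made at backup time is what catches it.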