Imagine how well you’d fare in a cage match with an extremely intimidating opponent. Such a nightmare scenario might seem a bit far-fetched to you. Indeed, it’s highly unlikely you’ll ever find yourself trapped and outmatched in the ring in real life.
But the arena of cyberspace is a different place. It has no shortage of rogues who will prey on you — or, in this case, your business — and drag you onto their turf where they can hold you hostage. With their grappling hooks burrowed into your computer system’s brain and your files encrypted, these modern-day gladiators can have you on the ropes before you even know it.
To pay or not to pay?
So how should you respond to a ransomware attack? That is a complex question. Any decision to pay off your captor should be carefully considered. There is no guarantee that even if you give in to their demands, you will be handed the keys to unlock the cage and leave with your data intact. A cyber-pirate, by his very nature, doesn’t play by the rules.
The only other option is to try to disarm the predator or to escape his clutches. (Some attackers are less sophisticated than others, so it’s important to gauge their skill level.)
Your best defenders are your employees
However, this requires a certain degree of nimbleness — which one cannot develop instantaneously. Therefore, the real key to thwarting a ransomware attack is preparation.
The first line of defence involves making sure your employees have their shields up — that they are conditioned to avoid phishing lures and to recognize any clandestine attack in progress. Subjecting staff to unannounced cyber-attack drills will help their training kick in when or if it becomes necessary.
But minimizing the potential for human error is not enough.
Limit the attack options
Your computer infrastructure likely has all kinds of Achilles’ heels built in. So all well-known system vulnerabilities should be looked at to limit possible angles of attack.
Here’s an example: Ransomware is constantly evolving and newer versions can go undetected for days. So hedge your bets — consider deploying different anti-virus programs for different purposes, from desktops to servers to the email gateway. Be disciplined about applying patches on a timely basis. Also, only grant employees the barest minimum of access privileges required to do their jobs — such roadblocks will help contain any potential infection.
In the event of an attack, it is imperative to quarantine the victim computer as soon as possible and to correctly identify the ransomware variant in order to contain the damage and perhaps even reverse the encryption process. Just as crucial is ensuring the infection has been completely rooted out before beginning the recovery phase, the success of which will depend on how solid your backup process is.
Paying a ransom should be a last resort — one that should be weighed only after all other data-recovery options have been exhausted. A successful ransomware attack will only embolden and further empower an already ruthless and resourceful enemy. Invest in some armour instead.
You can learn more about protecting your firm from acts of cyber-piracy by downloading this Ransomware Response Guide from IBM.