Should Companies Pay Up to Deal With a Ransomware Attack?

Programming knowledge doesn't seem sufficient anymore to battle these attacks. So what should be the next step?
Created: 8/4/2021

The COVID-19 pandemic brought unprecedented levels of disruption to businesses all around the world. Lockdowns and quarantines forced companies to move their operations from on-premises activities to remote work. While this ensured that businesses kept running, many companies were not equipped for the sudden change.

Most IT infrastructure was not fully capable of dealing with this sudden change in data access, and the result was vulnerabilities becoming exposed to outside actors. Many enterprises were unable to implement ransomware protection and other cybersecurity policies in a timely manner.

During the initial imposition of massive lockdowns all over the world in 2020, there was a dramatic spike in ransomware attacks. In one security survey, IT teams reported a 60 percent increase in cyberattacks on their organizations throughout the year.

These attacks have also had a dramatic financial impact on companies. The average cost of a data breach rose to $21,659 per incident over the course of 2020, as reported by Verizon. Generally, each incident would cost between $800 and $650,000. Unfortunately, successful cyberattacks can catastrophically increase this cost, with some costing over $1 million or even more.

Among these cyberattacks, ransomware has become more popular over the years, especially during the pandemic. Attackers see it as a quick way of making money. Unfortunately, programming knowledge and adeptness, once the prerequisite for mounting these attacks, are no longer needed. Ransomware-as-a-service has also risen considerably. All one needs now is to buy ransomware, just like any off-the-shelf software, and deploy it in networks and IT infrastructures that are now more accessible because of remote working arrangements.

Business continuity despite looming ransomware attacks

As an enterprise, being aware of the dangers of ransomware and other cybersecurity attacks is already a given. What separates regular businesses from those that are resilient to these attacks is one thing – being able to ensure business continuity by having plans and the ability to execute these when needed.

Companies with the most responsive and forward-thinking leadership will already have a plan in place that not only addresses a security problem when it happens but also works to prevent it from happening.

Anticipating an attack

In July 2021, a ransomware attack was initiated by the Russia-based ransomware group called REvil. This attack affected the networks of approximately 200 companies. The attack zeroed in on software provider Kaseya; the hackers used a network-management package to initiate the spread of the ransomware through cloud-service providers. This incident clearly shows that these attacks can come at any time and could use different points of entry to compromise any company.

Thus, it’s important to have a good business continuity plan in place to anticipate such an attack. It should be part of the security policies implemented across the whole network of any enterprise.

Critical business functions should be identified, and the business continuity plan should include protocols that keep these functions working even while a ransomware attack is happening. An analysis should also be carried out to determine the maximum allowable downtime for these functions that will not drastically affect the company's business. Defining recovery point objectives and recovery time objectives is equally important.

In the midst of an attack

One topic that is often discussed when it comes to ransomware attacks is whether an organization should pay the ransom.

There are two schools of thought here.

On the one hand, there are experts who say that the best course of action, if a company's data and network have been held hostage after a ransomware attack, is to just pay the ransom.

A study found that over half of ransomware victims paid the ransom imposed by their attackers so their data could be restored. The reasons for paying the ransom are diverse, with one of the main ones being that access to data is of primary importance.

Unfortunately, this is a solution that is not reliable. In fact, only 29 percent of the victims cited in the same study reported that they were able to restore their data. 50 percent lost some of their files, and 13 percent lost almost all of their data.

The unreliability of the outcome after paying the ransom shows that this is not the right tactic to take, especially as a planned part of business continuity. In fact, the Federal Bureau of Investigation (FBI) advises victims not to pay the ransom.

After the attack

In the aftermath of an attack, the best course of action is to review how the attack took place. Tracing the entry point and securing the vulnerabilities that were used is a good start. The whole system needs to be checked as well to ensure that no other underlying vulnerabilities have been left. Breach and Attack Simulations can help ensure that the IT infrastructure is constantly reviewed for potential breaches in the integrity of the system.

Implementing an endpoint detection and response (EDR) solution will also help in preventing future ransomware attacks. The EDR solution will monitor incoming and outgoing traffic and isolate machines on which it detects malware. This is particularly effective given that numerous machines now connect to the corporate network due to remote and hybrid work arrangements with employees. In practice, employees who work remotely will often access the network using multiple machines, which increases the likelihood of an infected machine accessing the network.

Of course, even the most robust policies can end up useless and ineffective without education and awareness. In any infrastructure, human intervention is the weakest link. Everyone in the organization should be made aware of the dangers of a cyberattack, so training on ransomware, phishing, and other security threats should be part of business continuity planning strategies.

Ransomware attacks are a real danger and one of the most insidious threats any organization can face. But with responsive business continuity planning and the help of everyone in the organization, this threat can be mitigated even if the organization suffers an attack.
