Your customer calls and reads you a pop-up message on his screen: “We’ve encrypted your files. Pay up or lose them.” What do you tell that frantic client?
Ken Dwight, aka The Virus Doctor, outlines four options: “There could be a free decryptor available, the criminals will give you the key if you pay, they will never reply if you pay, or they can’t decrypt the files because of errors on their part.”
John Pescatore, director of emerging security trends at the Bethesda, Md.-based SANS Institute, uses an analogy clear to all parents. “You should never bribe your kids with candy, but sometimes you have to, like on an airplane.” Your kids know when they have leverage, as do hackers, and if your customer has not properly used the backup process you put in place, paying may be the only chance of getting the customer’s files back.
However, “If you pay, you guarantee you will get hit again,” explains Pescatore. “Ransoms are going down to make them cheaper than fixing the problem. Hackers figure it’s better to get lots of small payments than bet on one big one.”
Ransomware prevention relies on the “usual suspects” of malware protection: patching systems, providing users with phishing training, keeping anti-malware tools up to date, and making file backups. “If your backups are as accessible as your main data, hackers learned they can steal from your backups,” says Pescatore. “Your backup files should not be too easily accessible. There are plenty of easy and inexpensive cloud remote backup processes.”
Since ransom demands for smaller businesses are in the $500 to $1,000 range, Pescatore points out that a company can back up maybe 20 servers for a year for that amount. Those backups also guard against all other types of data loss, not just ransomware. That cost comparison, plus the high publicity profile of some ransomware attacks, may help your customers decide to increase their protection.
Business decisions drive the choice of paying or not, based on the encrypted files and the time and cost to recover them. Dwight says, “For home users, it may be a more emotional decision, based on lost photographs and other files with great sentimental value.”
Advise your clients to contact their business insurance company when hit with ransomware. Some policies cover ransoms or recovery efforts. Policy costs will almost certainly go up afterward, however.
Dwight and Pescatore, as well as other security experts, say the first thing to do after a ransomware event is to upgrade security and backup processes. “Hackers are automated like robocalls and are not particularly sophisticated,” says Pescatore. “Just make sure your PC doesn’t respond to a robocall with your bank password.”