Ransomware: To pay or not to pay

Eldon Sprickerhoff
Tuesday July 04, 2017
According to the FBI, ransomware attacks grew by more than 300 per cent in 2016. Ransomware's overwhelming effectiveness has made it an attack method of choice for cyber criminals, and its continual evolution is what helps its variants evade the security defences working to detect them.

Odds are, many more organizations will be faced with a ransomware attack. The key to dealing with ransomware is understanding how it works and the steps that should be taken to limit damage in the event of an attack. With proper planning and preparation, as a business leader, you should never find yourself asking, “to pay or not to pay?”

Additionally, ransomware is not just IT’s problem. The increase in the number of ransomware attacks and their growing effectiveness in crippling a business require prevention at the core of the company’s cybersecurity policy.

Ransomware demonstrates that the responsibility for cybersecurity practices is not limited to the information technology team or even the security team. Every level of an organization plays a role in protecting its networks against cyber-attacks. Additionally, while a lot of firms see third-party service vendors as an extension of their organization, they can actually be the weakest security link. When looking into third-party vendors it’s important to ask if their cybersecurity posture is up-to-date.

If your company experiences a ransomware attack, you should never pay the ransom. There is no guarantee that the hackers won’t already be in your network. Plus, by paying a ransom, you put yourself at risk for future attacks; if a hacker is successful the first time, they will try again. Many also assume that once you pay a ransom, your files will be fully restored, but this isn’t always the case. Depending on the variant of the malware, you may receive some, all, or none of your files once you pay. It’s just not worth the risk. By regularly backing up your system, you’re insuring yourself so if you do get hit with a ransomware attack, you can wipe your system and restore from back-up.

Eldon Sprickerhoff is founder and chief security strategist at cyber security company eSentire.
