3 Simple Steps For Minimizing Ransomware Exposure

At the beginning of the year, the FBI put out a warning about ransomware on the rise. As you know, these malware scams encrypt files on infected computers, and then criminals demand payment before they'll provide the key required to decrypt them.

Ransomware has been around for years, but recent scams are reaching a new level of sophistication. Malware kits are widely available to buy off the shelf in underground markets, and we've even seen ransomware-as-a-service. Criminals may pose as legitimate companies, law enforcement, or even the FBI themselves, but ransomware is working so well that they don't always have to disguise themselves. Pressure is applied with a countdown threat to destroy data, increase the ransom, or sell the files on the black market. Demand for payment using Bitcoins enables the criminals to protect their anonymity.

The general consensus from the experts is that you shouldn't pay. After all, there's no guarantee the criminals will provide the key you need after payment, and they might sell your files or expose them regardless. If everyone refuses to pay, ransomware will decline in popularity. But that begs the question: what should you do?

Consider that when the Tewksbury Police Department fell victim to CryptoLocker ransomware it enlisted the Department of Homeland Security, the FBI, and the Massachusetts State Police, as well as some private InfoSec firms. None of them were able to help. In the end, the Tewksbury P.D. paid the ransom, which was reportedly around $500 in Bitcoin.

Similar attacks on the Lincoln County Sheriff's office, the Sheriff's Department in Dickinson County, Tennessee, and Midlothian P.D. in Chicago were all successful. If the police can't fight ransomware, what chance does your business have?  In every case, paying the ransom could have been avoided if a few basic infosec best practices were properly observed:

You might also consider limiting the applications that can run on your network, restricting permissions for users, tightening up firewall settings, and a host of other actions. But if you start with these three suggestions, you can safeguard yourself against the vast majority of ransomware attacks. Even if you can't prevent a successful ransomware infection, it is often possible to prevent the exfiltration of data, and a solid recovery strategy can render it impotent.

On the other hand, if you haven't taken steps to guard against a ransomware attack and you do fall victim, then it's already too late. The stark and uncomfortable truth facing you is that you'll have to wave goodbye to that data, or pay the ransom and hope for the best. Realistically, a payment is often the only way you're going to recover those files. The logic that criminals will only continue to use ransomware if people pay, works both ways – if they don't provide the decryption keys, there's no incentive for anyone to pay. That's why they generally do.

But consider this: if your data is important enough to pay a ransom for, why wasn't it important enough to properly backup and protect?