Don't Let Ransomware Take Your Money: Use an Incident Response Plan!

I feel like all I have been writing about for the past month has been Ransomware. Obviously that is due to the fact that Ransomware is in the news all the time, every day, with new trends that are happening, new "victims" that are identified, and how these organized crime entities keep on upping the ante with each day that passes. 

In fact, just this week alone, we learned a couple of new facts about Ransomware. First, we learned that the attackers are going after the Congress of the United States. While this is honestly not a huge surprise as it is just been a matter of time before it reached the Federal Government at that level, it will be interesting to see what the Government response is to this growing crisis. The second thing that we learned is that April of 2016 was the worst month on record for Ransomware infections in the United States. In fact, the data suggests that the number of Ransomware attacks in April of 2016 more than doubled from the number of attacks in March of 2016. Let that sink in for a minute. In a single month, the number of Ransomware attacks rose by 158%. 

For this reason, it is our position, along with the FBI and most other IT Security professionals, that you absolutely should never, ever pay the ransom if you become infected by a strand of Ransomware. While, in all honesty, paying the ransom could be a easier, quicker solution, we cannot continue to support this type of behavior. In fact, I know an organization that went through this process of being infected by Ransomware and they stated that paying the ransom was the quickest and cheapest part of the process. So if this is so quick and easy, why shouldn't you just pay the ransom, get your data back, and move on with your day? Here are three great reasons:

1. Don't Encourage Bad Behavior - If you pay the ransom and give these criminals money for your data, you are encouraging them to keep going, to do this to more people, and to create new strands of this malware. If it works and you pay, there is no incentive for them to stop doing it. Make them stop by not caving to their demands.
2. No Guarantees - Think about this for a second. When you are infected with Ransomware, a criminal is seizing your data, whatever that might be, and demanding that you pay them to get access back. This doesn't make these criminals the most ethical group out there so who is to say that once you pay, they won't ignore you and send you the key to decrypt your data? Then you spent a bunch of money, did what you thought would get you out of this, and ultimately you are in the same position except your wallet is a little lighter. 
3. Negative Attention - If you pay the ransom you will most likely be targeted again. Remember in point # 1 when I said that these criminal organizations will keep doing this if we keep paying? Well if you decide to pay, you will probably be targeted again and guess what? Your ransom will probably be bigger. These are criminals we are talking about here. Most bank robbers, if they aren't caught immediately, don't rob a single bank and then go into hiding to spend their cash. No, they try and replicate their bank robbery on another bank? Why? Because if they were successful the first time, they will be successful again (At least that's what they think). If you pay, the cybercriminals were successful and they will go after you again.

I know that all of this is great advice and on paper makes perfect sense. However, when you are infected with Ransomware and don't have good prevention techniques in place (Back Up Regularly!), you need to get your business back up and running immediately. Time is money and businesses need money to survive. So what do you do? My suggestion, in addition to the prevention tips you can find in this blog post, is to have a robust, detailed Incident Response Plan and Program in place.

As part of our IT Compliance Knowledge Series, our May webinar will focus on Incident Response Planning and Management. This 30-minute webinar will be held on Thursday May 26th at 1:00 PM EST. To register, click on the registration button below: