By Ron Temske, Vice President, Security Solutions, Logicalis US
By now, nearly every CIO has heard about some organization that has literally been held hostage by a ransomware attack. And each time you hear about it, there’s one pressing question on your mind: What if it happens to my organization? Should we pay the ransom or not? To pay or not to pay, however, may not be the right question.
Ransomware, which holds business data hostage until a fee is paid, has become one of the most sophisticated criminal enterprises the world has ever seen. Everyone involved in IT security has long battled those who simply want to create chaos and disruption. We’ve seen nation states attack both military and civilian targets and “hacktivists” who hack for various social causes. But ransomware is different in one key way: It’s all about the money.
As a result, ransomware has truly become a business, complete with sophisticated cybercrime-as-a-service offerings and world-class customer support to ensure its victims’ files are returned expeditiously once the ransom is paid. It’s a service business approaching $1 billion in annual revenue, something that would be heralded as an accomplishment if it weren’t based on such nefarious principles. The business of ransomware has even spawned a network of affiliates that provide redirection of an exploit kit for a cut of the profits.
So, if you’re looking for a quick yes or no answer about whether or not you should pay if your organization is targeted, I’m afraid it’s not quite that simple. Ransomware is a complex problem and it requires a well-thought-out solution. A better question might be: How can I protect my organization from ransomware attacks?
The best thing you can do is prepare your systems now to thwart attacks before they start and identify them in progress, and develop a recovery plan in case you are attacked – including a policy about whether to pay or not. In fact, there are five key steps you can take to respond to the threat ransomware poses today.
Create a Modern Defense
Traditional signature-based anti-virus solutions are good to have, but they aren’t up to the job of thwarting a sophisticated ransomware attack. Neither is your traditional stateful firewall. As a result, it is critically important to plan for the possibility of an attack by developing comprehensive visibility and access to extensive details on how the malware entered your organization’s environment in the first place. If you’re serious about heading ransomware off at the pass, focus intently on modern next-generation anti-malware and firewall solutions that can stop an attack before it starts.
Take an Architectural Approach
In some limited situations, point solutions can be effective, but not with ransomware. The most effective way to address the threat posed by ransomware and other pervasive cyberattacks is to take a holistic architectural approach to security that encompasses the entire network, including its systems and endpoints as well as your cloud and mobile strategies. Because so many of today’s threats are automated, solutions that rely on human intervention to detect and respond are neither affordable nor effective, making automation and orchestration key principles in a solid security architecture design.
Prevent the Spread of Malware
If an attacker’s malware does enter your network, it has the ability to spread like a fast-moving cold among passengers on an airplane. The key at this stage is to compartmentalize your data using network micro-segmentation strategies that make it more difficult for malware to spread laterally within the environment.
Plan Your Recovery
The unfortunate truth is, despite the security industry’s best efforts, no organization is entirely immune to attack. Therefore, it’s critical to examine how your organization will recover if it is breached. First, be sure you’re backing up. Second, test, test and re-test the backup and restore process; a backup is only valuable if the data can actually be restored when it’s needed. It’s also important to ensure that the restore can be done at the system level since file-based recovery may not be enough. Consider, too, how much redundancy is required; if you are hit, do you have an uncorrupted source from which you can immediately recover? And be sure to weigh the costs of various solutions against the cost of potential loss or downtime – not all data is equally valuable, which means not all data needs the same level of protection.
Create a Pay or No-Pay Policy
Finally, the big question: To pay or not to pay? No vertical market is having a tougher time facing this question than healthcare is today; whether it’s critical patient-care data that hackers hold hostage or the threat of hefty regulatory fines imposed when protected patient health information (PHI) is breached, healthcare organizations have become prime targets for ransomware attacks. Before any organization – healthcare or otherwise – pays a ransom, however, its IT professionals should examine how much damage will be done if they don’t pay. Do you have an uncompromised data backup from which you can restore? What is the cost to restore vs. pay – both monetarily and in terms of the business’ ability to function in the meantime? Ultimately, the decision comes down to how business-critical the compromised data is to your organization. If you do decide to pay, negotiate. In most cases, you can talk the price down, so it may make sense to consider not paying the first amount offered.