It’s no secret that we’re seeing more and more businesses get hit with ransomware attacks. The recent Colonial Pipeline attack in May comes to mind, as it netted the attackers a whopping $4.4 million. Truth is, these attacks aren’t new to organizations at all but have recently gotten more public attention, most likely because of the way attackers want to get paid: via cryptocurrencies.
A lot of experts say “pay the ransom.” A lot of other experts say “no, don’t pay at any cost.” The way it should be approached, however, is on a case-by-case basis. In the example of Colonial Pipeline, the decision was made to pay the ransom. It was seen as a simple business decision: pay $4.4 million in crypto, or possibly lose millions more by refusing to pay and wasting time trying to decrypt their systems on their own.
Top Ransomware Mistakes
Whether or not to pay the ransom shouldn’t be the most important topic to discuss when an attack happens. This is where businesses make their first mistake. Let’s discuss more common mistakes businesses make when falling victim to a ransomware attack.
Stop further damage
Before your organization can think about how you will recover your systems and data, it’s essential that your security team ensures that the malware doesn’t spread any further. After confirming how the attackers were able to penetrate your systems, security teams must eliminate the risk of falling victim to the same attack again.
Not having a plan
In 2021 and beyond, it is no longer a question of if your organization will fall victim to some sort of cybersecurity attack but when. You and your cybersecurity team need to sit down and draft a step-by-step plan to execute once a breach is discovered.
Not knowing exactly what to do usually leads to a series of bad decisions and mistakes which can be devastating to your recovery efforts.
Data Backup Mistakes
One of the first things attackers do when infiltrating your organization is scan your network for backups. If your backups are attached to your network in some way, they will most likely be destroyed before the malware is deployed.
The ideal situation would be to have an off-site service store your backups to potentially avoid a major crisis if and when a ransomware attack happens to your business.
Try to navigate ransomware attacks alone
If your cybersecurity team is inexperienced or not large enough to feel confident dealing with ransomware attackers, it’s probably a better idea to get help. It’s a good idea to keep incident response services nearby to help you either negotiate with the attackers or get a “better deal,” if you will.
A lot of these businesses have dealt with hundreds of these cases and can most likely help your organization get back on its feet a lot quicker than if you navigate on your own.
Forget to call law enforcement
Your incident response plan should include your team immediately contacting your local FBI office.
In the Colonial Pipeline ransomware attack, the FBI was able to track down the digital wallets of the attackers and recover 64 out of the 75 bitcoins that were paid.
There are many benefits to allowing the FBI to get involved, such as:
- The possibility of providing special cryptocurrency tools to “follow the money”
- Specialized decryption tools
- Better techniques to recover encrypted data
- Giving them the ability to track the attackers down in the future and prevent them from attacking others
Not calling your insurance provider
If your organization has a cyber insurance policy and you fail to call and get them involved from the get-go, you may be violating your policy and your insurance provider will most likely deny your claim.
Most cyber insurance providers have their own crisis plans and professionals they rely on to handle ransomware attacks. Once you call them and let them know there’s been a breach, your organization oftentimes hands complete control to them.
Stick to a plan
Don’t let emotions take control; stick to your well-planned incident response agenda. This will be a trying time for your business leaders, shareholders and employees, but it’s important to stay level-headed and stick to your plan.
Learn from your mistakes
After the ransomware attack has been neutralized, it’s time to gather your cybersecurity team and discuss how your team can improve. If your team didn’t have an incident response plan, then it’s time to create one based on your recent experience. If your organization decided to pay the ransom, brainstorm ideas to see how you can prevent paying if it ever happens again.
If your team did have an incident response plan in place but you saw areas to improve, now is the time to do so.
Next, it’s time to figure out how the attackers were able to infiltrate your organization’s network and work on patching these areas to prevent future attacks. It’s also a great time to implement cyber simulations and even hire a white hat hacker to test your cybersecurity efforts.
As ransomware attacks continue to evolve in sophistication, they have also silently become a multibillion-dollar industry. Since January 2021, there has been a 57% increase in reported ransomware attacks. As it stands, the average cost for a small business to recover from a ransomware attack is at $1.85 million and rising.
Now is the perfect time for your organization to beef up your defenses and make sure you have plenty of offline backups handy.