Should You Pay for a Ransomware Attack?

RansomwareGetting hit with a ransomware attack is not fun, cybercriminals encrypt your data and you are left having to decide: should we pay to get them back? It is a scene that’s played out across the world with 70% of businesses saying “yes” in 2016 alone. Here are six factors to consider if you are ever in this situation.

1) Do you trust them?

Remember that they are criminals holding your data hostage, how confident are you that they will send you the decryption key and that the key will decrypt all your data? The attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if you never hear from them again. You are also equally trapped if they decide to come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is fixed by experts. Businesses don’t exactly want their breach publicised, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

2) Can you manage the impact?

The best case scenario is that you can wipe the affected drives and restore from a clean backup without paying the ransom. You may even decide that the encrypted files aren’t that important and simply let them go and just wipe the infected machine. On the other hand, if your data management comes under any special regulations, like health or legal, you may find that the attack has a much wider impact. The attacker will also motivate you to pay the ransom quickly with a countdown and a threat of total deletion when it hits zero. Remember that if the data isn’t that valuable, or you have confirmed backups, this urgency should have no effect on your plans. T

3) How much do they want?

Cybercriminals rarely send out attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. Different countries or regions are also charged differing amounts. They may be “bad guys”, but they are smart people who know your financial limits. They also consider how much similar businesses have paid previously and expect you to follow suit.

4) Are your backups any good?

Always check your backup to confirm that they are working, that the correct data is being backed up and that you can recover the data from them. Many businesses are discovering too late that their backup systems are not robust enough. Either the backup has become infected too, they weren’t up-to-date or they backed up the wrong data. It is imperative that you at least do some quick backup checks to ensure you can recover all your data in case the unfortunate happens.

5) What are you policies?

Businesses are now adding ransomware to their disaster recovery plans and have predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly and make the best decisions for the business.

6) Stay safe in the first place

Ransomware is not slowing down and all factors say it will increase. As more businesses pay the ransom the cybercriminals are steadily launching new attacks and making it their full-time job. Most of the attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training staff helps, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your inboxes so that triggering a ransomware attack becomes something that happens to other businesses and not yours.

Secure your data systems and check your backups now. If you need help, contact us on 08 8326 4364 or support@dpcomputing.com.au.

Will Clicking That Link Cost You Thousands?

Ransomware has been a huge security threat in 2016. No-one was safe. Hackers targeted everyone and everything – including office networks and home PCs. In fact anything connected to the Internet (including smart TV’s and surveillance cameras) was fair game for them. They were very successful, with reports of upwards of $US846million reported just from incidents in the US. With this sort of monetary gain business is booming for hackers, with thousands of attacks each day bringing in an average of $US640 per target. Even more alarmingly is that the cost to the end user is on the rise with hackers demanding more and more money each time.

Some hackers even offer to help and rescue you from the issue that they caused – for a fee of course! One method is to trick you into thinking you have a virus or malware issue that will spread rapidly if you don’t pay them money to remove it. Another scarier method is that they pretend to be from a law enforcement agency (ie the Federal Police, FBI or a similar type of organisation) and say your computer was involved in a crime (anything from money laundering to child pornography). If you pay them a certain amount of money quickly you can avoid going to prison.

The real bad malware that is spreading rapidly at the moment are the crypto range of viruses. These viruses cause users to be locked out of their own data by encrypting files on users computers and servers. Folders of business documents, pictures, photos, music and even financial records are all held hostage until a ransom is paid. The encryption is such that it is unbreakable and unless you have a good backup paying the ransom is often seen to be the only solution.

The way these evil hackers get into your computer is deviously simple. They convince users to click on an email attachment/link or pop-up. For example you receive an email or pop up that:

  • supposedly tracks an undeliverable package.
  • is a bill or credit from a utility company.
  • alerts you to a virus that was found and needs to be removed.
  • an invoice from a company you have never heard of and / or for goods you never ordered.
  • advises you of a recent traffic or some other type of fine.

They make the message so tempting to click through for more details (this is what the hackers count on). Their messages and pop-ups aren’t obvious threats and so can easily slip under our radar and through various spam and virus filters.

Paying the hackers to solve or unencrypt your files is not recommended as they are not the most trustworthy bunch. That one payment may lead to demands of more and more money with no solution in sight.

To make things worse, the malware can encrypt your backups too. Having a backup is very important in any situation, but in cases like this, the right backup is needed – with several other backup copies not connected to your network and stored safely offsite. An online backup is also recommended. Before restoring your backup remember to check that the malware isn’t lurking in the background, ready to not just re-infect your restored files but also the backup drive itself.

To avoid finding yourself dealing with ransom demands we recommend being wary of all email attachments. Even if they are from business associates, friends and family – if you are not sure what the file is don’t click it. The sender may not have sent that email intentionally and their compromised system may be automatically emailing everyone in their address book.

You should also be wary with any popups that appear out of place, especially ones that try to make you panic or do something you are wary of doing. If the message doesn’t sound or look right then don’t click it. Ransomware is just too dangerous to risk.

Also make sure your backups are working correctly and regularly test your backups.

Call us on 08 8326 4364 to set your computer up with protections against ransomware / malware / viruses, and put backups in place that will keep your important files safe.