14 DAY TRIAL // Ransomware attacks are becoming more common these days, but at the same time, the number of victims that agree to pay for the decryption key is also increasing.
In just a few words, a successful ransomware attack comes down to files stored on a compromised device being encrypted and access to the system then locked. Victims are required to pay a ransom for the decryption key, which would technically allow them to regain access to the device and files.
While there’s no guarantee that hackers would actually provide the decryption key or steal the data and then ask for more money in exchange for keeping the files private, more and more companies agree to pay the cybercriminals after their devices are compromised.
Two such cases made the rounds in the last few days. First, the largest hospital in New Jersey, Hackensack Meridian Health, paid hackers to regain control of their systems after someone managed to break into their network and lock all electronic equipment. Additionally, Canadian company LifeLabs agreed to pay a ransom in return for the data of 15 million customers, which was stolen after a breach in October.
Microsoft: Don’t do it
Software giant Microsoft, however, recommends against doing it.
“We never encourage a ransomware victim to pay any form of ransom demand. Paying a ransom is often expensive, dangerous, and only refuels the attackers’ capacity to continue their operations; bottom line, this equates to a proverbial pat on the back for the attackers. The most important thing to note is that paying cybercriminals to get a ransomware decryption key provides no guarantee that your encrypted data will be restored,” Ola Peters, Senior Cybersecurity Consultant, DART, explains in a blog post.
The post then goes on to detail the ways companies can be prepared in case of ransomware attacks, with the emphasis put on backups for critical systems and files.
“The ability to recover to a known good state is the most critical strategy of any information security incident plan, especially ransomware,” Peters adds.
Other methods to stay on the safe side include email filtering, system patching and vulnerability management, antivirus protection, and application whitelisting.