
Don’t let fear win: saying no to ransomware

With the rise of ransomware attacks, more businesses need to be taking a non-negotiation approach, according to disaster recovery and business continuity company Databarracks.

A key example of this approach working in the victim’s favour is a recent story with Radiohead, the English rock band.

In response to an attack, Radiohead released 18 hours of outtakes from OK Computer to the public rather than paying the hefty $150,000 ransom, thus putting a stop to the criminal's plan.

However, this approach is not the norm. A recent report showed that more than 50% of SMEs would rather pay the ransom than take a non-negotiation approach. According to Databarracks, this coincides with ransomware attacks increasing at an ‘alarming’ rate.

Already this trend is proving true with several government organisations in the USA paying money to ransomware criminals. This goes against a long-held policy of governments refusing to negotiate with criminals or terrorists.

Databarracks managing director Peter Groucutt says this sets a dangerous precedent and underlines a need for organisations to maintain a non-negotiation policy against ransom demands.

He says, "Given ransomware attacks are becoming increasingly commonplace, there’s no excuse to be unprepared. Agreeing to pay a ransom demand isn’t conducive to long-term security, and emboldens cyber criminals to continue to use this method. There is also a risk of looking like an easy target, potentially inviting further attacks.

"Releasing a collection of unheard songs, demos and outtakes, while unconventional, was a PR masterstroke by Radiohead. This obviously isn’t a viable tactic for businesses dealing with a ransomware attack, but we can learn from Radiohead’s defiance."

In response to the growing number of ransomware attacks and the propensity for victims to give in to demands, Groucutt says companies need to trust in their security capabilities and, where possible, emphasise a non-negotiation philosophy.

He says, while this might sound difficult, there is plenty organisations can do from a technology perspective to strengthen their security posture and portray confidence. According to Groucutt, a comprehensive cyber incident response plan including recovery from backup is key.

Groucutt says, "If you are hit by a ransomware attack, you have two choices: recover your information from a previous backup or pay the ransom. However, even if you pay the ransom, there is no guarantee you will get your data back, so the only way to be fully protected is to have historic backup copies of your data.

"When recovering from ransomware, your aims are to minimise both data loss and IT downtime. Defensive and preventative strategies are essential but outright prevention of ransomware is impossible. You need to plan for how the business will act when compromised to reduce the impact of an attack.

"The incident response team or crisis management team must have the authority to make large-scale, operational decisions, taking systems offline to limit the spread of infection. And they must be able to make that decision very quickly."

"Once the ransomware has been isolated and contained, you must find when the ransomware installation occurred to be able to restore clean data from before the infection took hold. When the most recent, clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again," he says.

Groucutt considers that this is a complex issue but maintains there are successful approaches organisations can take.

He says, "The solution might not be quite as simple as releasing a trove of music to the public, but by having a plan in place, you can be confident the impact of a ransomware attack will always be minimal. Preparation breeds confidence, and means you’ll be able to maintain a consistently defiant stance if or when you’re faced with a ransom demand."
