Should you pay a ransom to unlock your computer systems? With proper preparation, you can remain in the driver’s seat during and after a ransomware attack.
Phil Cardone, a Boston IT support professional, chimes in on the recent ransomware breach in New Bedford, Mass.
If cybercriminals launch a ransomware attack against your business, should you pay up? The answer depends on a number of factors — including the protections you have in place.
A Massive Payout Demand
The city of New Bedford, Massachusetts, faced a ransomware attack recently that included a demand of $5.3 million, one of the largest ransoms ever. City officials at first blamed the network infection on a virus but later acknowledged that the Ryuk ransomware was the culprit. The attackers demanded their multi-million-dollar payout in Bitcoin.
The attack temporarily disrupted some city services, including handling of dog and shellfish licenses, as well as some financial functions. However, the city opted not to pay the hefty ransom, instead working with external IT consultants to analyze the precise nature and scope of the ransomware attack. The city’s IT team then rebuilt the server network, restoring applications and replacing all affected workstations.
City officials noted that the attack affected only approximately 4 percent of the city’s computers — 158 machines. Why was the impact so small? After learning of the attack, city workers quickly disconnected servers and shut down individual systems. In addition, the attack occurred over the July 4 holiday, when many computers had been shut down, so the ransomware could not spread as it might have at another time.
Preparing for an Attack
New Bedford’s preparations for an attack on its computer systems saved the city from considerable expense and additional downtime. When it comes to warding off cybercriminals and hackers, being prepared pays.
To prevent a ransomware attack, or to limit the damage if one succeeds, consider the following steps:
- Keep all software updated. One of the most important steps you can take to prevent an attack is ensuring that all operating systems and other applications have the latest security patches.
- Make daily backups of all data on your network, including information on individual computers and employee mobile devices. For maximum safety, keep backups on servers in different, offsite locations.
- Make sure all team members understand security policies, including not opening attachments or links from unknown senders.
- Work with vendors to analyze possible threats to your computer systems, and correct any weak points.
Should You Pay a Ransom?
Before an attack, consider how your organization will respond in the event of a ransomware infiltration and ransom demand. Will you pay the ransom, or can you rely on your preparatory steps to restore your systems to their fully operational state?
If your business is attacked, take the following immediate steps to mitigate the damage:
- Work with a qualified IT team to determine whether the files the malware encrypted can be decrypted without paying a ransom.
- Isolate any infected machines from your network to keep the ransomware from spreading.
- Check your business insurance policy to determine the amount of coverage. If you feel that your network cannot be restored to its functional state without the cooperation of the attackers, determine whether you will pay the full ransom or attempt to negotiate a lower price. In some high-profile ransomware attacks, victims have successfully negotiated to pay less than the original asking price.
In the New Bedford case, the city rejected the initial ransom demand of more than $5 million, instead offering $400,000 — an amount the city’s insurer would have paid. After the attackers rejected the counter-offer, city officials decided to restore the systems themselves. Officials noted that they would continue to restore data while keeping all critical services operating.
Law enforcement officials say you should never pay a ransom demand in the event of a computer system attack. However, whether you opt to pay the ransom depends on your individual circumstances, namely how much your insurer will cover and the damage to your business operations should you decide not to pay the ransom.