UTEC

View Original

Should You Pay The Ransom When Your Company Has Been Hacked?

It may seem like ransomware is a fairly recent headline, but it's been impacting businesses nearly 30 years. That's more than enough time to become the refined, sophisticated, and the lucrative industry it is today.

When ransomware is detected, companies are faced with a "pay now or pay later" decision. There's no definitive answer to that question. If you're a hospital director with lives on the line, your decision may be different from another organization with time to access back-up files or recreate data. There are many factors to consider, beginning with an understanding of how extensively you've been compromised.

"Ransomware is cheap to make and lucrative when it works, so we can expect to see a lot more of it," 

Detecting ransomware

Ransomware is malicious software designed to block access to all or part of your business' computer system until a sum of money is paid. Hackers find weak links in your company's system and place ransomware to encrypt your data.

"Ransomware is cheap to make and lucrative when it works, so we can expect to see a lot more of it," said Shirali Patel, Raytheon's international cyber program manager. "Today, corporate networks are so woven together that a breach of a lower-level target can allow attackers to slither into much more sensitive systems. That's the real danger. It's bad enough to hold data hostage, but it's much worse to lock up the operations of a power plant or a hospital."

How do you know you've been breached? Watch for these warning signs on your computer screen:

  • A ransom message often appears on your computer screen. If it's still there after rebooting your system or you're unable to access data, it's likely a legitimate security breach.

  • Fake antivirus pop-up messages are a favorite (and rely on you not knowing the difference between fake and real warnings). Many people click through thinking it's legitimate and unknowingly provide hackers with payment information.

  • Hackers, hoping you'll click, likely place unwanted or unrecognizable browser toolbars.

  • Particularly popular on Facebook right now, beware of duplicate social media profile invitations. If you're already connected to a person, the second invitation is likely a hacker.

  • If your online password isn't working (despite triple-checking for accuracy), you've probably been locked out of your account by a hacker.

These are some of the more common clues but beware of any unfamiliar activity on your computer. We're in front of our screens so often that most people recognize even the subtlest changes. Trust your instincts.

Pay now or pay later?

Being hit with ransomware is going to impact your bottom-line at some point. It's a cost / benefit analysis for most businesses. Do you pay now and hope the hackers release your data? Or do you instead pay computer experts to retrieve and/or rebuild your system and attempt data recovery?

Because ransom amounts tend to be reasonable, businesses often comply. The F.B.I. reports that more than $1 billion was paid to ransomware hackers in 2016. The Department of Justice reports an average of 4,000 attacks per day in the U.S. that same year.

According to a recent article in Forbes, those numbers are likely low since security breaches are under-reported. Companies are often embarrassed and fear customer backlash from acknowledging compromised privacy. There is also sometimes a misunderstanding in how to pay the cyber ransom (often in bitcoin) or concern that the ransom won't be fulfilled.

Vyas Sekar, a professor of electrical and computer engineering at Carnegie Mellon University's Cylab, said there are two ways to look at such dilemmas. "There is a possibility that paying the ransom is the cheaper option, but the FBI says it sets a bad precedent for future incidents and you are more likely to be attacked again. And, if you already have a ransomware strategy and recovery mechanism in place, the cost of repair might not be that high."

Avoiding ransomware

The importance of establishing recovery systems and cybersecurity protocols to lean on during an attack cannot be overstated. There are best practices for preventing an attack in the first place, but also recovery systems to lean on after an attack.

Partnering with a trusted cybersecurity consultant will help you with both. Your IT partner will identify the weak links in your system, install robust anti-virus protections, train employees, regularly and safely back up data, and monitor your system for unusual activity.

You should also rely on your IT expert to outline a recovery plan. They can often determine the source of the breach and follow the trail to uncover data loss or confidentiality issues. Their investigative work will help you decide whether to pay or not when your business is held for ransom.

Secure your SE Michigan organization's data with the business technology experts at UTEC. Call or email Steve Panoff, IT Sales Specialist at spanoff@utecit.com or (734) 434-5900.