Key Points
- Ransomware attacks encrypt your data, making it inaccessible until a payment is made to the attackers
- Demanded payments are large and most commonly required in cryptocurrency of some form
- Payment does not guarantee data retrieval, or the avoidance of data leakage or future attacks
- If you are subject to a ransomware attack, contact law enforcement before taking any other action
Ransomware attacks can disrupt an organization at an existential level. Prevention is the best defense—once you have become a victim, positive resolution is by no means certain.
Quick Read
Recent years have seen a rash of high-profile ransomware attacks, including those affecting Colonial Pipeline and Kaseya. In a ransomware attack, malware either makes organization data unavailable or threatens to make it unavailable until a ransom is paid. Early on, payment was often demanded by wire transfer, but more recently payment has often been demanded in cryptocurrency.
Ransomware attacks begin as a malware infection (the actual data encryption or lockout is done by this malware), so eliminating possible sources or avenues of malware infection is one of the keys to avoiding ransomware attacks. In practice, this means not only tools for malware detection, but also keeping software updated to reduce exposure to vulnerabilities and ensuring that safeguards and training exist to combat phishing and other email attacks.
Once infection occurs—even if data is not yet locked—organizations are at risk of data leakage or resale on the dark web, and at significantly increased risk for future attacks carried out through the use or reuse of the data that has been accessed. The majority of ransomware attacks now include some form of data exfiltration, often with data ending up for sale on the dark web.
Once data is locked, organizations are unlikely to recover all of their data unless a comprehensive backup strategy is in place. Even with payment, only a small minority of companies are able to eventually access all of their data again, and in some cases payment does not restore any data access at all.
The first step in responding to a ransomware attack is therefore not to make payment, but to contact law enforcement, who can provide referrals to security specialists and ransomware negotiation specialists who offer the best possible likelihood of successful resolution.
More to Know
Prevention is Key
The best defense against ransomware is never to become infected in the first place. Policies that prevent malware infection of any kind are thus key. All software must be kept up to date to reduce exposure to vulnerabilities, and comprehensive steps should be in place to ensure sound user behavior, including proper email and web browsing hygiene during work.
Full Data Recovery is Rare
Once a malware attack is in progress, full data recovery is rare, even with payment—so immediate payment is generally not the best option, despite what may feel like tremendous situational urgency.

