Every system administrator lives in fear of a ransomware attack. Files turn into gibberish. Mocking messages appear on screens, explaining how to pay for recovery. Managers face a dilemma: to pay or to stand defiant?
If you pay, you’re giving in to a crook and helping to finance more attacks. If you don’t, you could have a lot of work to do while your systems lie useless. It would be nice to say “Never pay,” but that’s not always realistic. However, you should look at all the alternatives before sending any money.
The Cost of Paying
Giving in to ransomware’s demands carries more costs than just the amount paid out. First, you’re helping to finance crime. They’ll use the payment to hire coders for even nastier malware, or they’ll buy more machines to send it out.
You’ve declared yourself a willing target. Nothing stops the extortionists from coming back with additional attacks. When you’re hit by a ransomware attack, there’s almost certainly still malware on your system. If you don’t remove it, your machines will be vulnerable to whatever the criminals want to do next. It could be more ransomware, theft of confidential data, or use of your servers to send spam.
If you pay, you might not get your files back. Some operators have no intention of paying, Some are caught and shut down. Their file recovery software may or may not work properly.
Alternatives to Paying the Ransom
It isn’t always necessary to pay to get your files back. Go through the following checklist before panicking.
Are the files really lost? Some ransomware is really bluffware. All it does is lock up your screen, and it’s easy to recover from. You could be paying for nothing.
Do you have a current backup? If you have a good backup process, you probably have recent versions of all your files. You can recover them without paying anyone. A couple of warnings, though: (1) If the backup is a directly connected disk drive, it may have been encrypted too. (2) Get rid of the malware before restoring your files, or you may have to do it over.
Can you recover the files with some help? A lot of ransomware types have been cracked. A security expert may be able to restore your files without assistance from the ransomware gang.
Can you reconstruct the files? Reconstructing the lost information is generally laborious and expensive, but it can be a more reliable option than paying and hoping you get the files back.
When You Have to Pay
Sometimes taking the high ground isn’t possible. If you go through all the alternatives and none of them help, and if the cost of taking a long time to recover is prohibitive, you may have to pay. This is particularly true if people’s health or safety is at risk. That’s why ransomware operators like to target hospitals and government systems.
You should learn about the kind of ransomware that has hit you before deciding. Some operators work to maintain a reputation for restoring files on payment, since that makes victims more willing to pay. Others may already be out of business, in which case paying is hopeless.
Even if you pay, you need to run a thorough check on your systems for malware. It’s almost certainly still there. You need to improve your system security to prevent another attack. Paying the ransom doesn’t spare you those costs.
Preventing the Situation from Arising
If you’re well prepared, you won’t have to face the payment dilemma. Having good network security will keep most attacks from succeeding. It will guard against all forms of malware, not just ransomware. Usually, ransomware comes in through fraudulent email. Having good spam filters and training employees in security practices will stop most attempts.
An up-to-date, offline backup is valuable against all kinds of data loss. Files can disappear or be corrupted not just because of ransomware, but also from physical disasters or user error. Having a backup and a recovery plan will get your systems working again when you suffer data loss. Contact us to learn how we can help you to improve your system security and set up data recovery.