What to Do When Ransomware Attacks Your Organization
Ransomware has become one of the most significant cybersecurity threats to companies, regardless of their size or industry. When it hits, organizations are suddenly faced with the choice of paying a ransom to regain access to their files or reverting to backups.
The most common form of ransomware encrypts files, making them inaccessible and requiring a key only the attacker knows to decrypt them. Victims are then notified via a lock screen (common to both encryptors and screen lockers) that their data will be made public or destroyed if they don’t pay the ransom. The malware can even be used to steal and sell information, such as credit card numbers or even sensitive internal documents, a practice known as “ransom-for-ransom.”
Despite the obvious financial incentive, paying a ransom doesn’t guarantee recovery. In fact, Kaspersky reported that 20% of businesses that paid a ransom didn’t get their files back. Moreover, collaborating with criminals can make the problem worse. Criminals aren’t in the file recovery business; they’re in the moneymaking business, and the decryptor they give you may only work well enough to say that they held up their end of the bargain.
When you’re attacked by ransomware, your first step should be to call law enforcement. They’ll be able to leverage partnerships with international law-enforcement agencies, which can locate stolen or encrypted information and bring perpetrators to justice. They can also warn you of the risks associated with a payment and offer guidance about whether it’s necessary.