There’s no such thing as being “100% safe” from ransomware. That’s why every organization needs safe, timely, reliable backups as part of an overall data recovery plan. If you can contain a ransomware infection and restore your data from backups, you won’t need to bargain with criminals—or face the significant risk that you can’t recover your data even if you pay them.
Your 4 Ransomware Response Options
But what if you don’t have safe, reliable backups? Maybe the ransomware has encrypted your backups. Maybe you never made backups to begin with. In that case, you have basically four options:
- Chalk it up to experience and carry on. For most organizations this isn’t really an option, as doing so would put them out of business.
- Take a stab at decrypting the data yourself. There are multiple websites and projects aimed at supporting the do-it-yourselfer, like the No More Ransom Project. But this approach is time-consuming and success rates are low. Can your organization afford to remain offline while you experiment?
- Pay the ransom and hope you get your data back.
- Get help from a cybersecurity firm. There are many that specialize in ransomware remediation, including expediting the ransom payment. With this option, at least you’ll have all the facts about your specific recovery options, downtime and financial risk, etc. and can make the best business decision possible from there.
The “Never Pay” Debate
Here’s why the “never pay” debate is really beyond debate: If you have viable backups, there’s no debate because of course you’re not going to pay. If you don’t have viable backups, there’s also not much of a debate: you’ll probably need to pay up and get your data back ASAP. Otherwise you’ll likely face a long and expensive recovery.
Three recent municipal ransomware attacks illustrate these scenarios. The city of West Haven, Connecticut, with its IT systems at a standstill and no way to restore them, paid a $2,000 ransom to unlock its servers quickly. In contrast, the Onslow Water and Sewer Authority, which thankfully had a disaster recovery plan in place, was able to tough it out and restore is systems without paying. Then there’s the city of Atlanta, which refused to pay a $51,000 ransom demand and ended up needing over sixmonths and over $2.7 million (and counting) to recover.
It’s true that paying the ransom is problematic for many well-publicized reasons. But if you don’t have backups, or you can’t tolerate the cost and downtime associated with taking your network offline and rebuilding your servers from whatever backups you have, is not paying the ransom really an option for you?
The Best Option is Prevention
The obvious takeaway here is that ransomware succeeds only because organizations allow themselves to remain unprotected. You must take steps now so that your organization won’t be in a position where paying a ransom is the only option to recover your operations.
Make it your top priority to create and test a data recovery plan that includes safe backups. Cyber liability insurance that covers ransomware is another option that can reduce your risk by offsetting recovery costs—but it’s no substitute for timely, restorable backups.
To talk over a holistic, best-practice data security strategy that will protect your organization from ransomware attacks and minimize the damage should an attack breech your defenses, contact Pivot Point Security.