Today’s article about ransomware is brought to you by guest blogger, Scott Templin, Cyber Risk Advisor with Lachesis, LLC.

WHAT IS RANSOMWARE?

Ransomware is a form of malware, short for malicious software, that is designed to encrypt files and render a system unusable. Ransomware typically targets sensitive information that the hacker then threatens to sell or leak. The victim company is given the option to pay the ransom to protect the information and restore their systems.

Ransomware incidents can impact businesses by removing data that is critical to operating, introducing increased costs to pay the ransom or purchase new equipment, and damaging brand value through association with a data leak.

HOW DO WE PROTECT OURSELVES?

  • Train employees – Train employees on the dangers of phishing and to avoid opening suspicious links or attachments.
  • Keep your software up to date
  • Use two factor authentication – Good passwords are important, but making sure bad actors can’t get in even with a password is better.
  • Back up your files – In the event that files become corrupted you can then restore from a backup. Be sure to test these backups frequently.
  • Silo your networks – By properly separating networks you can ensure that a breach in one does not allow the whole system to be compromised.
  • Use a next generation antivirus – Lachesis suggests SentinelOne, which allows you to roll back and decrypt files in the event of a problem.

HAVE A PLAN READY.

Just like you have a disaster recovery plan, you should have a plan in place to respond to a ransomware attack. The plan should be specific to your business, since an accounting firm may have different priorities than a manufacturing business. There may be certain agencies or people you need to notify in the event of a breach. You will also want to determine what systems were affected and isolate them immediately.

If your company has not yet put a plan in place, then it can be helpful to work with others who have been through the process and can tailor a response for your specific business. Lachesis specializes in finding the right solution and our cybersecurity assessment is a great start to understanding the steps you would need to take in the event of an incident.

THE BIG QUESTION: SHOULD YOU PAY?

The worst has happened, and your company is now a victim of a ransomware attack. Should you just pay them off?

While paying the ransom is a largely unpopular method of recovery, each organization is going to have to make the best choice for its business. Paying may get your files back more quickly and limit overall disruption.

That being said, CISA, MS-ISAC, and federal law enforcement do not recommend paying a ransom, as there is no way to ensure your data will be decrypted or that your system will no longer be compromised.

Hopefully, by having a better understanding of ransomware and taking the proper steps to protect your business, you will not have to make this decision anytime soon.

Protecting against ransomware or malware is just one step in the constantly evolving process of evaluating your business’ cyber risk profile. Please reach out for a deeper dive into how Lachesis can provide insight into vulnerabilities that threaten your business every day.

Category: Cyber Security

Posted: 6/10/2021

How to Protect Against Ransomware