Ransomware attackers specialize in penetrating corporate networks, and sometimes specifically target a business’s backup systems, making it difficult – or impossible – to remediate the harm of an attack.
How You Can Help Protect Your Business
Prevention remains the best defense against ransomware, and the pandemic has made it more important than ever for companies to guard against this threat. Experts suggest some commonsense steps to reduce the risk that your business could become the next victim of a ransomware attack:
- Keep your network patched and make sure all your software is up to date.
- Back up your systems regularly and keep those backups separate from your network. Use separate credentials for your backups so that even if your network is compromised, your storage remains secure.
- Practice good cyber hygiene. For instance, know what devices are attached to your network so you can identify your exposure to malware. Implement technical measures that can mitigate risk, like endpoint security, email authentication, and intrusion prevention software.
- Be prepared. Make sure you have an incident response and business continuity plan. Test it in advance so you’re ready if an attack occurs.
- Train your employees on how to recognize phishing attacks and other forms of social engineering.
Should A Company Pay A Ransom?
If you’ve been the victim of a ransomware attack, Step #1 should always be to contact law enforcement – for example, your local FBI field office.
The next question companies ask is whether they should pay the ransom. If you have any other alternative, most law enforcement agencies don’t recommend paying. For one thing, paying the ransom doesn’t guarantee you’ll get your data back. On top of that, ransoms reward attackers and may further fund criminal enterprises in violation of the law. For instance, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) recently issued a warning to all businesses that paying a ransom may violate OFAC regulations that prohibit financial support of sanctioned countries or regions. That means you could be fined for paying the ransom.