Date: 2020-05-13
Organisations could find themselves doubling the cost of clearing up after a ransomware attack if they pay off cybercriminals. According to a new survey for Sophos’ State of Ransomware 2020 report, the average cost of tackling the effect of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than US$730,000 (£593,000). This average cost rose to US$1.4 million (£1.1 million), almost twice as much, when organisations paid the ransom.
EXPERTS COMMENTS
Chad Anderson, Research Engineer, DomainTools
May 13, 2020
The best way to respond is to isolate the source of the attack.
I would like to say that companies should never pay, but we are seeing some situations where it is necessary to pay, and to do so quickly. Ransomware authors have been attacking hospitals and healthcare organisations during the pandemic, and when lives are on the line, a decision to pay might be best. Frequently though, payment doesn’t necessarily mean that files will be decrypted or that the attacker won’t leverage their foothold on your network to extract more funds. The best way to respond is to isolate the source of the attack (likely a spearphishing email), work with your IT organisation to put better monitoring and security in place, and only then deal with your ransomware problem. If you are going to have to rebuild your network and machines anyways, this is a great chance for teams to implement good network segregation, DNS-based filtering, and proper antivirus, if they don’t have it already. To mitigate the impact of an attack and to put organisations in the position of not paying, off site backups are key. Whether it is to an S3 bucket on AWS that does versioning, a file server in a colocation centre, or recorded to tapes and stored in a closet in another building, you have to have versioned, off-site backups. These should go in one direction only, or be designed with least privilege in mind.
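Added example, not part of the comment above or of the Sophos report: one way to check that the credentials a backup job uses against a versioned S3 bucket really are "one direction only", by listing the destructive S3 actions an IAM policy document still allows. The bucket name and both sample policies are constructed, and the evaluation is simplified as noted in the code.

```python
import fnmatch

# Actions that let a compromised backup writer destroy or neuter a versioned
# S3 backup (all are real S3 IAM actions).
DESTRUCTIVE = [
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
    "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration",
    "s3:PutBucketPolicy",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def destructive_actions(policy):
    """Return the destructive actions the policy effectively allows.

    Simplified evaluation (assumption): Resource and Condition are ignored,
    an explicit Deny always beats an Allow, and NotAction is not handled.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy["Statement"]):
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        hits = {a for a in DESTRUCTIVE
                if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)}
        (allowed if stmt["Effect"] == "Allow" else denied).update(hits)
    return sorted(allowed - denied)

# Constructed sample policies; the bucket name is a placeholder.
BUCKET = "arn:aws:s3:::example-offsite-backups"
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"]},
]}
ONE_WAY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:ListBucket"],
     "Resource": [BUCKET, BUCKET + "/*"]},
    {"Effect": "Deny",
     "Action": ["s3:Delete*", "s3:PutBucketVersioning",
                "s3:PutLifecycleConfiguration", "s3:PutBucketPolicy"],
     "Resource": [BUCKET, BUCKET + "/*"]},
]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("one-way", ONE_WAY)):
        print(name, destructive_actions(pol) or "write-only")
```

With versioning enabled, a writer limited to `s3:PutObject` can only add new object versions, so files encrypted on the source host and re-uploaded do not replace the earlier copies.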
Jamie Akhtar, CEO and Co-founder, CyberSmart
May 13, 2020
An organisation should always have three copies of its files stored in two different mediums.
Ransomware attacks are among the fastest-growing cyber threats (one report projected that in 2021, companies will fall victim to an attack every 11 seconds). The first and most important thing to do when you've been hit by an attack is to disconnect the infected device from your network immediately (that means turning off GPS, Bluetooth, WiFi, etc) and remove external hardware like USB sticks and SD cards. Next, you should make everyone else in the company aware of the attack with advice on how to identify and avoid the attack themselves. The safest recovery method then is to wipe the device and restore its system and files using your backup data. We really encourage making backups! But if no backups have been made, there is certain decryption software you can use to try to recover files that have been encrypted by the ransomware. Rather than connecting to the internet to download it (keep that device off the network!), use another computer to do so and copy it onto an external device you can plug in to install it. If you are able to recover your data, save it to the same external storage device to be added back on the device once it's been wiped. The 3-2-2 backup rule works well for protection. An organisation should always have three copies of its files stored in two different mediums at two different locations. At least one of these locations should be offsite (such as in the cloud).
