Before you are forced to deal with the unenviable position of a ransomware attack, understand that the best way to thwart these attacks are before they happen. Stopping ransomware generally includes three key areas: cybersecurity hygiene of your employees, proper practices by your IT department, and your data backup strategy.
By Bryce Austin, CISM
Seven people were seated around the table: the owner, the CEO, the vice president, the chief financial officer (CFO), the company’s chief information security officer (CISO), a special agent from the FBI, and a forensics technician.
“Don’t pay!” was the CEO’s vote. Same for the vice president.
“Pay it,” was the owner’s response. The CFO nodded in agreement.
“Paying could be a violation of federal law” cautioned the FBI representative.
The CISO had a hard time getting words out, as this was the largest ransom he had dealt with at the time: $1.2 million was a lot of money. “I don’t see another option given the status of our backups. Either we pay the ransom, or we begin liquidating the assets of the company as soon as possible. Which is the lesser of two evils?”
The CISO went on to negotiate the ransom down to $410,000 and amass the requested bitcoin. The cybercriminals delivered a decryption key, but 30% of the company’s data was gone forever: some of their hard drives filled up during the ransomware encryption process, and the encryption software kept running after the drives couldn’t hold any more data. Every file encrypted after that point was irretrievable. The total recovery took three months to ensure that no backdoors were left in the company’s systems; the lawsuit to get the insurance company to cover the incident lasted almost two years.
This was certainly a nightmare scenario. Before encountering such an unenviable position for yourself, understand that the best way to thwart ransomware attacks are before they happen. Stopping ransomware generally includes three key areas: Cybersecurity hygiene of your employees, proper practices by your IT department, and your data backup strategy. Here are eight ways to prevent a ransomware attack, and eight ways to recover from an attack if you fall victim to one.
If you should fall victim to ransomware, you will need the following:
(Note that most of these need to be done before an attack takes place.)
If all companies followed the recommendations above, ransomware cybercriminals would become a thing of the past. With proactive action and a good cybersecurity awareness training program for your employees, cybercrime is a solvable problem.
Bryce Austin, CISM, is CEO of TCE Strategy in Lakeville, Minn., a professional speaker on technology and cybersecurity issues, and author of Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives. For more information, please visit www.BryceAustin.com.
Sign up for weekly professional and technical updates from PICPA's blogs, podcasts, and discussion board topics by completing this form.
Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of PICPA officers or members. The information contained in herein does not constitute accounting, legal, or professional advice. For professional advice, please engage or consult a qualified professional.