Step one: be vulnerable. Step two: pay the ransom.
There’s a very good reason everyone and their dog recommends you do not pay the ransom if you get hit with ransomware: you’re making yourself a much larger target. The whole objective of ransomware is to get money out of you; giving the attackers money makes it more appealing to hit you again. After all, you paid once, right?
Putting it in Perspective
In a standard business model, there’s a customer or client, and there’s the business. Once the business gets a customer or paying client, they want to retain the business. To translate that to ransomware, YOU are the customer or client. They want to retain your “business”, or rather, your victimhood. To do this, they often install backdoors in your system, or create a system of “persistence” so you cannot get them off your network easily.
Furthermore, most victims who pay do not upgrade their security afterward, as the money that would have gone toward that has now gone to paying the villains in the scenario.
But What if They Promised to Leave Me Alone?
That is a valid question. Some ransomware developers will leave you alone after the fact, but that’s the smallest proportion. Even if they leave you alone, that doesn’t mean other ransomware developers or even users of RaaS (Ransomware as a Service) will: word will get around that you’re a soft target willing to pay.
But They Encrypted Everything, What Now?
This is unfortunately the scenario that Intrinium has run into quite frequently when helping victims recover from ransomware: there is no good answer. If you are lucky, going to a professional may recover your encrypted or destroyed backups, or there may already be a decryptor available. There are teams working around the clock to try to keep up with the ever-growing numbers of cyber criminals choosing ransomware as their weapon.
Let’s Stop This Before It Begins.
There are 4 rules that we recommend following when you’re hit with ransomware:
1: Do not turn off the machine. Disconnect it from the network instead by turning off the Wi-Fi or unplugging the Ethernet cable.
2: Check the extent of the infection and disconnect all affected devices.
3: Report the incident to your IT team, your security team, or to your boss.
4: Contact a professional team to assist you in remediation.
Taking a step back, however, there are a couple of things you can do to prevent a catastrophe that may have you wondering if you need to pay to get several business-critical files back online. The links below will walk you through what you need to know.
If you’ve been hit with ransomware, or know someone who has been, please do not hesitate to reach out to us. We would love the opportunity to help you get back on your feet, and ensure you’re protected for the next time.