TO PAY OR NOT TO PAY?

Updated Feb2021. That is the question. Paying the ransom is a bad practice for several reasons. There is no guarantee that you’ll get the decryption key on payment. Cybercriminals do not have the key that decrypts the data. Ransomware is now readily available on the black market, so many take leaked sources of ransomware, modify the payment information. They never had the key in the first place, but criminals lie. 

The ransomware is not your only problem. If paying the ransom is your only option, then it’s a certainty that you have plans in place to restore your business. No disaster recovery plan means, that you won't recover fully from the attack, a known fact.

This means more potential data lock-ups, costly breaches and other cyber disasters leading to loss of confidence in your business, staff leaving, spreading rumours, customers going elsewhere.   Getting the decryption key will not solve all of your problems.

Break the cycle.

If you pay the ransom, you will be perpetuating a vicious cycle. The ransom will be reinvested by cybercriminals in producing other ransomware tools that will become an even bigger problem in the future for your organisation and others. If there’s no profit to be made, cybercriminals will not put more money into developing ransomware.
Prevention is truly worth a pound of ransomware cure. Prepare your company for the inevitability of cyberattacks— ransomware or otherwise— and you won’t have to face the difficult decision about whether or not to take money out of your budget to recover from an attack.
Numerous GAA club websites were spiked with ransomware in 2018. People lost 20 years of documents, precious photographs

WHAT DO WE RECOMMEND?

Now that we’ve told you what not to do, let’s take a look at what you should do to prevent ransomware and mitigate the effects of an attack.
Here are 10 simple tips to protect yourself from ransomware.

1. Back up your files regularly

The only way to ensure that you can immediately handle a ransomware attack is to implement a regular backup schedule so that your company can get access to the files it needs without dealing with the cybercriminals. Your backup should have certain restrictions, such as read/write permissions without an opportunity to modify or delete the files.

2. Check your backups

There are times when something can damage your files. Be sure to check regularly that your backups are in good shape.
 

3. Protect against phishing attacks

Cybercriminals often distribute fake email messages that look like an official message from a vendor or bank, luring a user to click on a malicious link and download malware. Never open attachments from an unknown sender or even suspicious attachments from a friend in case they have been hacked.

4. Trust no one

Or rather, trust but verify. Malicious links can be sent by your friends or your colleagues whose accounts have been hacked. Let employees know that if they receive something out of the ordinary from a friend, they should call that person directly to verify that they sent it and find out if their accounts have been compromised.

5. Enable the ‘Show file extensions’ option in the Windows settings

This will make it much easier to distinguish potentially malicious files. Because Trojans are programs, employees should be warned to stay away from file extensions like “exe”, “vbs” and “scr.” Scammers could use several extensions to masquerade a malicious file as a video, photo, or document.

6. Regularly update your operating system

Cybercriminals tend to exploit vulnerabilities in software to compromise systems. Automated Vulnerability Assessment and Patch Management tools, you are assured that your system will be scanned and that patches will be distributed regularly to keep your system updated.

7. Use Protection

No, it's not a sex programme but use protection. Modern robust antivirus program to protect your system from ransomware. Most products employ a multi-layered system of defence that checks malware from many different angles keeping you safe
But if ransomware hits...
 

8. Cut the internet connection

If you discover ransomware, shut off your internet connection right away. If the ransomware did not manage to erase the encryption key from the computers in question, then there is still a chance you can restore your files.
 

9. Don’t pay the ransom

If your files become encrypted, we do not recommend paying the ransom unless instant access to some of your files is critical. Each payment made helps the criminals to prosper and thrive to go on to build new strains of ransomware.
 

10. Try to identify the malware

If you are hit by ransomware, try to find out the name of the malware. Older versions of ransomware used to be less advanced, so if it is an earlier version, you may be able to restore the files. Moreover, cybersecurity experts, collaborate with law enforcement to provide file restoration tools online and, hopefully, detain the adversaries. Some victims can decrypt the files without having to pay the ransom. 

11. Anti-Phishing

Because phishing emails are usually the starting point for many ransomware attacks, Anti-phishing technology uses a multi-layered approach to protect against infiltration. First, it checks sites with the product’s local anti-phishing databases on the user’s device. Next, it checks URLs of sites against its own vast, continually updated database of phishing sites.
​
When a new malicious URL is detected on the computer, information about this threat is made available from the cloud database within 15-30 seconds of detection. Finally, heuristic analysis is an intelligence system that looks at dozens of phishing symptoms and compares them with other indications, classifying them based on known modern phishers’ methods.