While taking all measures to keep infrastructure secure is essential, there are times when organizations do not have an option but to pay the required sum to the ransomware attackers. Therefore, organizations should follow best practices that will enable them to recover from a ransomware attack at the best possible odds.
The ransomware ecosystem has immensely flourished in the past couple of years. While organizations were accustomed to worrying about these attacks, their intensity has significantly amplified due to vulnerabilities exposed by accelerated digital transformation initiatives. In fact, as per “The State of Ransomware 2021” from Sophos, 73% of organizations that suffered from a ransomware attack in 2020 admitted that cybercriminals succeeded in encrypting their data in the most significant attack. Even though the number has been reduced to 54% of cybercriminals who succeeded in encrypting their data in the most significant attack, the uncertainty in the enterprise environment may increase the volume again.
Organizations have been investing heavily to secure their infrastructure. This investment in the latest tools has enabled them to strengthen their infrastructure and address the vulnerabilities. However, as ransomware attacks continue to advance, it will be difficult for organizations to keep up with them. Therefore, it is critical that organizations have robust ransomware negotiation strategies in case they suffer through one.
Also Read: Defending Against the Risk of Compromised Cloud Accounts
Being prepared before a ransomware attack hits
To keep the negotiation in their favor, organizations should thoroughly prepare themselves before they suffer through ransomware attacks. IT leaders and business executives should inform and train their employees to not open ransom notes. Employees should not click the inside link as it will start a countdown when the payment is required. By not clicking on the note, it can provide organizations sufficient time to know which parts of their infrastructure have taken a hit, what are the consequences of the attack and the cost that they may have to pay to the cybercriminals.
Organizations should establish the necessary negotiation goals that include consideration of backups as well as ransom amounts to be paid in best and worst-case scenarios. Additionally, they should establish internal and external communication lines concerning crisis management teams, legal counsel, and the board of directors. Furthermore, organizations should also take steps to understand the strategies of cybercriminals to identify if a decryption key is available.
Also Read: How Enterprises Can Build an Effective Cybersecurity Work Culture
Approaching the negotiation process
By arming themselves with the required knowledge, organizations will be in a better position to enter a ransom negotiation. A few approaches they can incorporate to lessen the damage include:
- Given the critical nature of the situation, organizations should be respectful in conversations and should carry professionalism throughout the negotiation.
- The representatives should ask the cybercriminals for more time. They should utilize this time to find possible solutions to recover.
- Instead of delaying the timing of ransom, organizations should offer to pay a small amount early on instead of a larger one further down the line as the cybercriminals are known to take discounts in favor of making a quick profit and moving onto the next target.
- Organizations should refrain from telling the threat actors that they have a cyber-insurance policy in place. Additionally, they should ensure that they do not save cyber insurance documents on any of the servers.
The threat of ransomware attacks is not going away anytime soon. While investing in the latest tools and technologies should be the top priority, organizations should also have a ransom negotiation process in place. Not only will this enable them to lessen the damage but also help them better prepare for circumstances in the future.
For more such updates follow us on Google News ITsecuritywire News