How to Avoid the True Cost of Ransomware

Recently, ransomware attacks on enterprise were all over the news. From the massive WannaCry attack in May 2017, which affected 300,000 devices worldwide (if not more), and the Petya (also known as NotPetya) attack in June 2017, it seems that there is no rest for the ransomware wicked. More than ever, businesses are aware that they need to have a ransomware game plan, and fast, because if not, they might find themselves in the headlines, having to take on the enormous costs of the attack aftershock, or worse – losing business due to system downtime and outages.

The wide-reaching effects of ransomware attacks on large corporations such as FedEx, Merck, HBO and Maersk are living examples of why it is important to avoid paying the true cost of ransomware remediation. The US pharmaceutical giant Merck was attacked by the Petya strain in June, yet still the organization is struggling to recover all its information and to account for the damages. The attack cost the organization billions in downtime, not to mention the significant funds required to staff around-the-clock IT experts, lawyers and PR reps to get business back on track. Global entertainment giant HBO was presented with a multi-million dollar ransomware demand this August, wasting billions in ad revenues for the company. These are just two examples that highlight the need for a review of remediation procedures, as well as ways to avoid paying the true cost of ransomware.

One of the easiest ways to avoid paying the true cost of dealing with a ransomware attack is simply not to pay the ransom. This may seem to go against organizational, or even your moral principles, but it has been established that paying the ransom seldom pays off. That’s because it’s unlikely that the hackers will release back all the information, upping the PR costs of dealing with potential media backlash, and, despite paying the ransom, showing a willingness to pay might brand your company as an easy target in the hacker community. But more than that, paying the ransom won’t prevent future attacks, because, in most cases, ransomware is distributed at random to any of the non-patched or vulnerable devices that particular strain is targeting. That’s why it’s a better idea to use the money that would go toward paying the ransom to shore up your cyber defenses, authentication tools and network firewalls.

Then there’s the issue of backups. Many organizations create a ransomware response plan that involves storing critical data on a secure server so that they can quickly bounce back from an attack. Yet while it is a good idea to back-up critical data, it’s possible that the back-up won’t recover all the information that’s in hackers’ hands. This presents threats to the stability and safety of your organization, and creates the possibility of a PR mishap (see the HBO example). In addition, the most recent ransomware attacks are targeting network-connected computers that have access to these back-ups, which means that attempts to fully restore systems are largely futile. So while back-ups are a good practice that should remain part of remediation plans, they shouldn’t be too heavily depended upon to get you back on your feet.

The bottom line: You need a multi-pronged approach to remediation.  If there’s one thing that can be said about ransomware, it’s that it doesn’t discriminate, which is why, more than ever, companies need to have the right remediation plan in place to avoid paying the true cost of ransomware attacks. A good place to start is integrating a solution that will allow IT professionals to remotely disconnect corporate devices from the network. This will help prevent the lateral spread of the attack throughout the organization, on both patched and unpatched devices (because the latest NotPetya strain targeted both). In addition, it’s important to have constant awareness of network areas at risk. This can be done by deploying a network access control solution that provides full visibility into devices, assess their level of digital risk to your business, and controls which devices are allowed on the network, and which aren’t.

To avoid paying the true cost of a ransomware attack, i.e. system and employee downtime, PR brand name damage as well as brand equity loss, and legal efforts and recovering data losses, your organization should consider a multi-faceted remediation approach that integrates a network authentication and endpoint control solution, allowing for business continuity with customers and partners.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.