Pay the Ransom? We Say No!

One of the more insidious developments in the world of malware is ransomware: hackers not only infect your computer, but demand payment to remove their malware so you can access your own files again. Now the FBI says that the best solution for businesses infected with ransomware is to simply pay up.

We disagree. While it may be tempting to take the path of least resistance and what seems the shortest route to getting up and running again, these hackers are like any other kidnappers: there’s no guarantee that your payment won’t be followed by another demand for more, and no guarantee you’ll actually get your data back.

Worse still, the “passcode” you purchase with your ransom doesn’t remove the infection. It gives you access to your instance of it, but no assistance in its removal.  Even a “successful” ransom transaction leaves you in a place where you’ll be spending thousands of dollars (or tens of thousands, depending upon how widespread the infection is) to clean the infection, restore your server(s) to health and/or rebuild your server(s) and workstations from scratch.

Most importantly, if you have a current backup of your data, you don’t need to pay.  You may lose a day or more of work depending on how frequently your backups are run, but rebuilding and restoring from a ransomware infection means days of lost time in rebuilding network infrastructure and user workstations.

To give just one example, a Cryptowall infection is not something that’s removed with a simple utility. An infection means days of restoration and returning workstations to their previous customized states … far worse than losing a day’s work to a backup restore.

Are there exceptions? If you don’t have a current and viable backup, you may have no choice but to pay the ransom to avoid having your vital data sold to the highest bidder.  And we have heard of successful recoveries from these attacks by booting to a rescue disk created by an antivirus program … again, only possible if you’re prepared with a rescue disk ahead of time.

So what should you do instead of paying the ransom? Be prepared before a ransomware attack happens:

  • Have current, tested backups that you know to be good, not just of your data but of the entire computing environment. Pro tip: this is not a “set it and forget it” item … backups need to be checked and test-restored regularly.
  • How many backups per day? The question here is not, “How much will it cost?” but “How much data can you afford to lose, and what will it cost to restore it?”
  • And of course, the best solution for a ransomware infection is not to get one in the first place. Make sure your antivirus/antimalware solution is up to date, and even better, put an OpenDNS solution in place to stop intrusions before they ever reach your network.

The key, as always, is to be proactive and not wait until you have a big problem. Contact us to discuss the preventive solutions that make sense for your business.

Albert Blaize