Businesses that have been hit by a ransomware attack have bigger problems than they realise, according to Palo Alto Networks, who says they must consider an entire security audit.
A full audit will help organisations avoid jeopardizing their businesses, the security firm says.
Ransomware is a cyberattack that encrypts business information so that users can't access the files, effectively locking the business out of its own systems and data. The attackers then demand a fee to unencrypt the data, returning the systems to normal.
“Quite often when an organisation is hit by a successful ransomware attack, business leaders think if they pay the money that will be the end of the story,” explains Gavin Coulthard, systems engineer, Palo Alto Networks. “In fact, it's quite the opposite,” he states.
“If cyberattackers got through your defences in the first place, chances are you have bigger problems with your security competencies,” Coulthard says.
“Then, if you pay the ransom, you identify yourself as a business that's willing to pay and it's highly likely the attacker will keep coming back for more,” he explains.
“It's also important to remember that once your data is taken, the attackers can do what they like with it, including selling it or using it to fuel subsequent attacks on you and your customers. Your data can appear all over the internet for other cybercriminals to use or for your competitors to see,” adds Coulthard.
Palo Alto Networks recommends the following five tips if you are hit with a ransomware attack: 1) Have back-ups of everything: if you are targeted, it's important that you're not reliant on the information being held. 2) Communicate the risks with staff: make sure ransomware attacks aren't successful by making your team aware of ransomware and instructing them to avoid clicking on unknown links or emails, which could generate an attack. 3) Audit your security: if you are attacked, you should complete a full security audit to ensure there are no further risks or malware lurking in your systems. 4) Be aware of specific times of year: Christmas and tax time are considered high-risk times for businesses to suffer a ransomware attack. During a time when lots of online transactions are happening, and people may be less wary of emails from people they don't know, attackers can socially-engineer recipients to click on attachments or links to trigger an attack. 5) Don't pay: if you are attacked, do not pay the money. This only entices the cybercriminals to repeat the attack, since they now know you are willing to pay, which will create bigger problems for you. Instead, ensure you have adequate backups so you can live without the encrypted data and conduct an immediate security audit. “Businesses must understand that a ransomware attack is the canary in the coalmine: it's a warning sign that your security is not up to scratch,” says Coulthard.
“It's important to react quickly and calmly to ensure another attack doesn't occur. Simply paying the ransom will not be the end of the attack, so revert to backed-up information and tighten your security immediately.”