Should you ever pay up to ransomware criminals?

Slim chance of data recovery

Amichai Shulman, CTO and co-founder of Imperva, says that his firm has tracked payments to culprits through Bitcoin and this indicates that people are actually paying in a desperate attempt to get their data back. "However, the chances of getting your data back after paying the ransom are slim," he warns.

Hawthorn adds that as companies utilise more cloud services, mitigating the risk of ransomware attacks becomes more complex. "They must remain vigilant of the applications in use across the enterprise, ensuring that they have the relevant security features to prevent hackers from getting their hands on sensitive data in the first place," he says.

Data in danger

Threat avoidance

As always, prevention is better than cure, and another way to avoid the threat is through better education of users.

Mark James, security specialist at ESET, says that emails are one of the biggest weapons used in cyber-attacks and "ensuring your staff are aware of the latest scam methods or subject definitions will help to keep those to a minimum".

He adds that having tiered network access could limit the damage of ransomware but is not always practical. "Showing hidden file extensions can help to spot the onset of ransomware and lastly you could consider using one of the crypto-prevent toolkits that are available by third-parties to monitor or block access to the most used locations that ransomware uses," says James.
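Why showing file extensions helps, as an added example that is not part of the original article: with known extensions hidden, an attachment named `invoice.pdf.exe` is displayed as `invoice.pdf`. The Python sketch below flags such disguised names in a file listing; the extension lists, function names and sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".wsf", ".bat", ".cmd", ".com", ".pif", ".hta"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}
RLO = "\u202e"  # right-to-left override: reverses how the rest of the name is rendered

def displayed_name(path: str) -> str:
    """Name as a user sees it when extensions of known file types are hidden."""
    p = PureWindowsPath(path)
    return p.stem if p.suffix.lower() in EXECUTABLE_EXTS else p.name

def check(path: str) -> list[str]:
    """Return the reasons a file name looks like a disguised executable."""
    p = PureWindowsPath(path)
    real_ext = p.suffix.lower()
    reasons = []
    if real_ext in EXECUTABLE_EXTS:
        # Extension the user believes the file has once the real one is hidden.
        inner = PureWindowsPath(p.stem.rstrip()).suffix.lower()
        if inner in DECOY_EXTS:
            reasons.append(f"double extension: shown as {displayed_name(path)!r}, runs as {real_ext}")
        if p.stem != p.stem.rstrip():
            reasons.append("whitespace padding pushes the real extension out of view")
    if RLO in p.name:
        reasons.append("right-to-left override character in name")
    return reasons

def scan(paths):
    """Map each suspicious path to its list of reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := check(p))}

SAMPLE_NAMES = [  # constructed sample listing, not real indicators
    r"C:\Users\alice\Downloads\invoice_2016.pdf.exe",
    r"C:\Users\alice\Downloads\scan.jpg        .scr",
    "photo\u202egpj.exe",
    r"C:\Users\alice\Documents\budget.v2.xlsx",
    r"C:\Tools\setup.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_NAMES).items():
        print(repr(path), "->", "; ".join(reasons))
```

The same check can be run over mail-gateway attachment names or a listing of user download folders.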

The most recent file-encrypting ransomware families (CryptoLocker, CryptoWall and TeslaCrypt) are virtually impossible to decrypt without the key. Steve Nice, chief technologist at Node4, says that one tactic to avoid trouble is to do all your browsing through a virtual machine. "If you do get infected then it's only the virtual machine that has encrypted files," he says.

Inside-out security

Detecting and stopping ransomware requires an inside-out security approach. Cindy Ng, technical analyst at Varonis, says that IT security must look to block phishing emails or at least educate employees about this threat, restrict access to social media, monitor network connections to known Command and Control (C2) URLs/IP addresses, and watch for malicious processes.

She adds: "But the real key to fighting ransomware is to take a closer look at what the attackers are after – these are the files and emails that employees create and view every day. This unstructured data is the largest data set in most organisations, often the most valuable, and, unfortunately, the least controlled."