Paying to recover stolen data from ransomware groups will only get your organization caught up in a vicious cycle. Paying ransom and resuming operations is not a guarantee that these groups will stop attacking your system. They can do so at any time and will continue to threaten to leak your data should you refuse to pay up.
Here’s the newest plot twist: Ransomware hackers will encrypt a victim’s data twice at the same time. They will notify some ransomware victims about the double encryption threat at once. In contrast, others will only see one ransom note and only find out about the second layer of encryption after they’ve paid to eliminate the first.
Ransomware groups usually operate on a revenue-sharing model. One group builds and maintains a strain of ransomware and then leases out its attack infrastructure to “affiliates” who carry out specific attacks. These cybercriminals have one goal: to get the most profit with the least amount of effort.
Should your company be a victim of a ransomware attack, know that there’s a possibility that ransomware groups won’t supply a decryption key at all. The rise of the double encryption strategy raises the additional risk that if you do pay, you can decrypt the files once but then discover that you need to pay again for the second key. Moreover, decryption keys are likely to corrupt data. These keys are known to crash, requiring data recovery to start over or manual inputs to continue the process. Either way, it adds to both recovery cost and downtime.
Don’t pay up; just back up. Here are five ways to strengthen your data backup strategy:
- Review and update backup policies
Complete a thorough audit of all your data locations. Keep in mind the 3-2-1 rule: make three copies of your data, store these across two different forms of media and keep one copy off-site. Isolate off-site data from the business network to prevent ransomware from encrypting it.
- Air gap data
Keep a copy of your critical data offline, disconnected, and inaccessible from the internet.
- Back up data regularly
How often does your IT team back up data? Review backup frequency policies, especially in off-site locations (including the cloud). IT teams should also assess how long they keep the backups, especially air-gapped data.
Keep separate backups for critical business systems to make data recovery easier.
- Ensure backups are clean and robust
Businesses should do what they can to make sure their backups are not infected with malware. Up-to-date malware detection tools are essential, as is system patching.
Limiting user access to critical data enhances security and can stop the spread of ransomware from the beginning.
- Test all plans and recalibrate if necessary
Testing all backup and recovery plans is critical to calculating recovery times and establishing whether data recovery is possible.
ImageQuest works with Bowling Green, KY businesses to fight ransomware attacks by developing state-of-the-art protection against these malicious threats. ImageQuest’s solutions protect rapid-growth, high-target organizations, and their assets with risk and vulnerability assessment capabilities. Get in touch today to learn more.
ImageQuest is the top cybersecurity service provider in Bowling Green, KY, and supports more than 5,000 technology users in 29 states. Visit their website or call 502-400-3300 to learn more.