Ransomware is malicious software designed to block access to a computer system until a sum of money is paid. It encrypts files stored on the user's computer or mobile device and renders them unreadable by the user or the device. To restore them for normal use, a decryption key is needed to unlock the files.
In a survey, it was found that the average cost of cyber crime attacks in the United States amounted to USD 17.36 million in 2016. Second-ranked Germany averaged USD 7.84 million in damages per company attack. According to the survey, business disruption was the most costly consequence of a targeted cyber attack on their business.
Such huge costs are incurred in paying extortion demands, and the situation is expected to get worse if awareness and better regulation are not established from the grassroots level.
But how should one respond after being hit by malware? Should one pay or not?
Amit Nath, Head of Asia Pacific - Corporate Business at F-Secure Corporation, advises against paying the ransom. He says that while paying the ransom is one way to regain control of your computer and data, the real remediation begins before you ever get hit – by taking regular backups. That way, if you do get attacked, you can relax – and restore everything from the backups.
“Furthermore, even though most ransomware lives up to its promise of decryption and returning control of your computer, this may not always be the case. You may end up paying and still being left without access to your files and computer,” he adds.
The views of Aaditya Uthappa, Director - Enterprise Business, Paladion Networks, seem to resonate with Nath’s, as he also suggests not paying the ransom.
“Well, paying the hacker may get your data back, but there have been cases where the decryption key never arrived or failed to decrypt the locked files. Additionally, it encourages criminals to attack at a larger scale as the money would be utilised to increase their scale,” he adds.
Refusing to give in to such extortion seems sensible, but if one does not pay for the release of data, how should one respond to a successful malware attack?
The first step should be to disconnect the device from the internet and contain the infection as much as possible by disconnecting the affected device from any network.
After the device is disconnected, Amit Nath lists the following steps for dealing with such an attack.
- Scan all connected devices and shares for similar flaws and additional threats. Not only should other connected devices and shares be checked for infection by the same threat, but also for any other threats that may have been installed on the side.
- If possible, format and reinstall the device. For larger companies, it may be more expedient to simply wipe the affected device clean and start afresh. Alternatively, there are removal tools available for specific ransomware families.
- Reinstate data from backups. If available and clean, the affected data can be restored from backup files. It may be more efficient to restore files in network shares or cloud storage first, to maintain continuity and productivity for other users.
- Use incident response findings to reassess attack surface. Based on the results of investigations into the incident, update any relevant security precautions or systems.
- Report the incident to the appropriate local law enforcement authority. Each country handles incidents of electronic crime differently, but in general most national law enforcement agencies urge companies to report incidents and avoid paying any ransom demanded.