Legal Ops Must Carefully Weigh Ransom Options After Cyberattacks

Be ready for more attacks in the future if you are thinking of paying the ransom after a ransomware attack. Even if you do pay, it is unlikely that all your data will be returned. If the ransom demand is much smaller than the cost of downtime per hour and the losses you face, though, paying may be the most financially responsible option, according to an article posted on Help Net Security.com.

If you are thinking of not paying, you are unlikely to recover all the data on your own, and the data losses could be catastrophic. You will need to assess the full impact of an attack before deciding whether or not to pay. The best course of action to prepare for attacks, however, is protection and resilience. This includes:

• educating employees on ransomware, how it gets into systems and how user accounts are targeted;
• running a regular patch management process, along with proactive “red teaming”;
• scheduling regular backups and regularly testing the backup and data recovery process; and
• implementing segmentation across networks and systems to stop attacks from spreading once attackers gain a foothold.

The overall focus of security programs must be to make it harder for attackers to breach your systems and make it possible to respond to attacks faster. Then you will know exactly what action to take without wasting time mulling over the question “to pay or not to pay.”