New York, North Carolina, Texas, and Pennsylvania are considering a ban on businesses making ransomware payments after some high-profile attacks against Colonial Pipeline and JBS Meats last month. The reasoning on banning the payments is because many feel, including the FBI’s Chris Wray, that paying a ransom encourages criminals to continue with more ransomware attacks.
While it is true that paying a ransom does encourage more ransomware, legislation that bans the payment of ransom will likely end up hurting businesses that did not invest in good cyber security measures up front. Not being able to pay for those companies could mean the end of their business.
I have heard anecdotally about a small business owner who was struck by ransomware and decided to pay the ransom in bitcoin, rather than close the business, as requested by the cyber criminal. The problem: when questioned by the bank why the individual needed to draw so much money out of the account, that individual told them they needed to buy bitcoin to pay the ransom. The bank immediately froze the accounts and would not let the individual take money out to fund “criminal activity.” After scrambling to get loans from friends and family, the ransom was eventually paid.
The lesson here is 1) don’t tell the bank you are paying a ransom, and 2) even if you try to criminalize payments, people will always find a way to make the payment. By banning ransomware payments, it just drives businesses to be more covert about payments and breaches, the opposite of what we need to try and stop ransomware.
While it seems to be impossible to stop ransomware, there are certain steps organizations can take before ransomware hits to ensure you can recover without needing to pay a ransom. Here are 4 steps you need to consider taking before ransomware strikes.
- Data Backups
Always ensure you have backups of your most important data and ensure it is stored offsite and offline to protect it from a ransomware infection. And always have more than one backup copy in different locations you can restore from, in case of flood or fire.
- Cyber Awareness Training
A well-crafted phishing email can often deliver a big ransomware payload onto your network, Once an employee has unknowingly clicked the malicious link, ransomware is now downloaded onto that employee’s device, and will soon replicate though the network. With ongoing cyber awareness training, employees will be more cautious about what links they click on and what files they download.
- Anti Virus and Anti Malware
This is an absolute must. While new strains of ransomware are created everyday, this will help detect and stop the majority of ransomware attacks. Look for software that can prevent ransomware that include features like signature matching of known bad malware, behavioral analytics, file reputation evaluation, IPS, download protection, and device control.
- Vulnerability and Remediation Management
Patching vulnerable systems is also very important in terms of keeping cyber criminals out of your network. Many cyber criminals have also been able to install ransomware on a network via an unpatched vulnerability.
While ransomware is a big problem, and paying a ransom does make the problem worse, a ban on ransomware payments will not make ransomware go away. Ensure you protect your business by investing in cyber security protection. If you need help fortifying your network, contact Uzado and speak to one of our cyber security professionals.