We’ve become so dependent on technology that a major ransomware attack can completely shut down many organizations, ranging from small businesses to major corporations. This can leave decision makers scrambling to find out what their options are. This article summarizes all the possible ransomware options and their pros and cons.
Ransomware Options: Navigating a Crisis
Unfortunately, when it comes to ransomware attacks, there are sometimes no good options. Making the best decision sometimes means making the “least bad” choice. What that choice will be, depends on multiple factors, including:
- the nature of the organization experiencing the attack,
- the type of ransomware, and
- the extent of the attack.
For example, some businesses can handle extended downtime and repeating lost work without losing clients. Ransomware attacks are more common than ever— one survey showed that 85% of companies experience at least one attack per year. The positive side of this is that people are increasingly understanding about delays caused by ransomware attacks. In some industries, like the healthcare sector, having systems offline for an extended period of time is simply not an option. There is no “one size fits all” ransomware recovery option. With that being said, let’s consider the possible ransomware options, starting with the best possible outcome.
Restoring from Backup
If your organization follows any kind of cybersecurity best practices, you have some kind of backup policy. The best possible outcome of a ransomware attack is to find out how the hackers infiltrated your network, fix the problem, and restore the encrypted data from a backup. The problem is that hackers know this, too. Hackers will sometimes spend weeks or months watching a network to encrypt any backups before launching an attack. Even if the backup is not encrypted, if backups are not frequent enough, even restoring from an earlier backup could mean losing a huge amount of work. In many cases, and especially if your organization has some good cybersecurity practices in place, the network is not completely encrypted. The amount of encryption
Recreating the Data
One thing to keep in mind is that it may be possible to recover some data through emails, text messages, and other communications which are not stored on your servers. Going through these files and communicating with clients and partners and requesting data from them may make it possible to recover or piece together a lot of the lost data.
Decryption
Decryption would be ideal, but realistically it is almost never an option. It’s also important to be very cautious about anyone who tells you it is— there are a number of scammers out there that will tell you they can decrypt your files. Most hackers use military grade encryption, which cannot be cracked even by quantum computers. In a few very rare cases, hackers will use outdated ransomware which has a key that has been released to the public. A coalition of law enforcement agencies actively works to shut down ransomware gangs. Sometimes, when they do, they will gain access to keys and release them to the public. A list of the ransomware variants that have decryption keys available to the public can be found here.
Bite the Bullet
If your backups are too out of date or have been encrypted, the best option may be to just start from scratch and repeat all the lost work. While this is usually the most difficult option, it is also the more ethical option. Paying ransoms encourages hackers, so while paying a ransom may solve your problem in the short term, it can make the ransomware epidemic as a whole worse.
Pay the Ransom
Paying the ransom is the worst option in many ways, because it means rewarding criminals for their crimes. However, in some cases, it simply makes economic sense. Some organizations refuse to pay on the basis of principles even when it means a bigger economic loss, but being principled is sometimes a luxury that not everyone can afford.
When paying a ransom, it’s important to be aware of the history of specific ransomware gangs. Some gangs will break their promises and demand additional payments. Consulting with ransomware recovery experts can help to identify the track record of specific groups of hackers and navigate the process safely and legally.
Another advantage of working with ransomware recovery experts is that they can help to find out what caused the security breach and patch it, as well as advising on how to prevent future attacks. BeforeCrypt has successful handled hundreds of ransomware cases, ranging from small companies to large corporations. We offer qualitative ransomware recovery services and help you determine what the best options for you are, and get you safely and securely back to work as quickly as possible.