Never Pay the Ransom

While ransomware attacks are on the rise, your clients don’t have to be held hostage. Here are three steps for protecting their data and wallets.

4 Min Read
ransomware
Getty Images

We all remember the Colonial Pipeline attack, which netted criminals $4.4 million. The company’s CEO told Congress that the company had no choice–the attack’s impact on fuel supplies was too severe to avoid payment. However, a recent Gartner column cautions against this approach, and official guidance from the FBI recommends not paying. Why?

For starters, even if the cybercriminals make good on releasing your systems and data, it can take several weeks to recover, and some encrypted files may be completely unrecoverable. According to Gartner, on average, only 65% of data winds up being recovered.

Proper preparation can help companies avoid the question of paying or not paying altogether. If they can quickly recover the files and applications without paying the ransom, your clients can restore operations and avoid the financial hit.

“Unfortunately, the first time most organizations test restore is after they’ve been hit by ransomware,” says Mark Harris, Senior Director Analyst at Gartner.

Your clients must understand that they may eventually fall victim to a ransomware attack. Data from all sources indicate a rise in the number and severity of attacks. However, a proactive approach to detecting attacks and securing data and applications can significantly mitigate the potential for any damage or disruption in operations.

Specifically, there are three key steps you can take to help your clients protect their business against ransomware:

First, protect email systems. Like other cyberattacks, ransomware most often enters the network via a phishing email or credential theft. Offer your clients comprehensive email protection (like the Barracuda Total Email Protection platform) combining a traditional gateway with artificial intelligence (AI) technology that can detect and isolate potentially malicious communications the gateway would otherwise miss.

These email attacks are more complex and rely on manipulation rather than direct delivery of a malicious file. AI-based solutions can study normal email patterns and recognize anomalies. Additionally, end users should be trained to identify and respond to potential phishing emails using traditional instruction, phishing simulations and regular communications about emerging threats. Automating incident response and forensics can also help reduce the number of successful email-based attacks.

Second, secure your applications. Web applications are a top threat vector, with 90% of data breaches resulting from successful attacks on a web app. Clients should deploy web application security that’s designed to thwart these attacks, as well as a Zero-Trust access solution that provides greater protection than a traditional VPN. Role-based access to files and apps and network segmentation can also help reduce the scale of an attack if criminals should breach these defenses.

Third, provide clients with a robust backup and data recovery solution. One surefire way to avoid paying ransom to access data and applications is to make sure that data is fully recoverable. Clients should deploy a hardened backup solution that protects data at rest and in motion so that backups remain secure and accessible. Clients should back up all their data (both on-premises and in the cloud) and regularly test their backup security, accuracy and accessibility. Help your clients run through fire drill-style activities for data recovery, as well, so that they have a plan in place to restore operations before a breach occurs.

Paying a ransom to cybercriminals is a bad idea for a variety of reasons. Not only does it send the wrong message to other potential attackers, but there’s also no guarantee that the attackers will hold up their end of the bargain. And even if they do, ransomware victims may find themselves with incomplete or corrupted data and weeks of work ahead of them to restore operations.

Prepare your clients for a ransomware breach in advance by protecting their email systems, setting up robust data and application security, and having a solid backup and recovery solution in place. By implementing this plan, your clients won’t need to give ransom payments a second thought.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

This guest blog is part of a Channel Futures sponsorship.

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like