New reports show ransomware is on the rise from last year. Zscaler, a cybersecurity solutions company, released a recent report indicating that ransomware is up almost 40% in attacks from last year. The United States also saw the most ransomware attacks accounting for almost half of them worldwide. Manufacturers were number one in attacks and those in the Arts, Entertainment, and Recreation industries saw the largest increase of attacks.
Ransomware has really changed over the last several years. When it first really hit the scene, the attackers would encrypt the data on your devices or servers and hold your data hostage. They would decrypt your data once you paid the ransom. Having accurate data backups that you could restore from became critical.
As time went by, attackers realized that many organizations just restored from data backups and no longer paid the ransoms. This changed the modus operandi of attackers. Ransomware attacks may still encrypt your data, but now the attacker threatens to publicly release your data if you do not pay the ransom. This means, even if you had data backups, they would no longer matter as the attacker has your data and will sell it on the darkweb.
The new attack method has really changed how organizations can respond to ransomware attacks. Previously it was easier to just restore your data and move on. Now that is not as simple.
Pay the ransom?
Knowing your data will be leaked if you do not pay the ransom makes this decision more difficult. Should you pay for it? Can you afford to pay for it? What happens when you pay for it? Will your data still be released? These are all questions you need to ask yourself before paying anything.
The answer is not so clearcut, it takes weighing all the options for your individual situation, but it is critical to remember that just because you pay the ransom does not mean the attacker will not release it anyways. Because of this, it makes it hard to want to pay the ransom, but doesn’t mean it’s an automatic no.
Preparing before it happens
Having a game plan prior to falling victim to ransomware is a must. This means working with an attorney, your insurance provider, cybersecurity or IT team, and with leadership of your small business. Every situation is different so it is important to have several plans in place and to regularly discuss the risk of ransomware. Your small business may also not have some of those people mentioned, but it is still important to prepare and plan for ahead of time.
So while ransomware is on the rise, don’t panic but plan. To learn more on ransomware and other cybersecurity threats, trends, and topics with a focus on small business, check out Small Business, Big Threat!