If Ransomware did get into a network 31% of companies say they would pay the hackers to regain access to their data. This figure is from an ESET study of 200 security professionals carried out at Infosecurity Europe in June 2015. The percentage seems high to me, but maybe a lot of companies have not got robust backup and data recovery processes that would allow them to recover critical data files.
What happens if you do pay the hackers; do they supply the recovery codes straight away, or in a few days time, or never? And do the hackers just come back and do the same attack a short time later so you need to pay again? If you do know please make a comment on this blog.
A good way to find out how your company would cope is to use a Ransomware attack as the scenario for the next test of your Incident Management or Business Continuity plan.
Other things you could do include:
- Looking at the impact of a Ransomware attack on each information assets – update your risk assessment
- Defining the steps for dealing with a Ransomware attack- create a simple policy statement
- Review how data is backed up and the recovery process