Ransomware: what can you do to avoid paying the ransom?

Another day, and news of another ransomware attack. This time it was the Riviera Beach City Council in Florida, USA, which three weeks ago saw its data being encrypted and stolen by a group of hackers.

The leaders of the Riviera City Council decided to pay the ransom to regain control of their data: $600,000, which for a small city of 35,000 is a significant sum. By paying the ransom the city hopes to regain access to its data, but will it?

The complexity and severity of ransomware attacks continue to grow and, unfortunately, public offices have become one of the primary targets. Hackers know that holding data hostage is an effective and easy way to extort money, because some organisations, such as public ones, have too much to lose and will give in and pay.

Paying a ransom does not guarantee that the victim will regain control of and access to the data. Often, organisations that pay the ransom find they are still unable to recover all the data and, in a few cases, all the data is lost.

A ransomware attack could also damage an organisation’s IT infrastructure, generating yet another financial burden when systems have to be rebuilt.

There are different opinions in the debate on whether organisations should or should not pay ransoms. Some experts believe that organisations should decide whether to pay depending on the sensitivity of the data, and that they should not be criticised if they do end up paying. Others argue that paying the ransom creates a perverse incentive for hackers to continue with these kinds of attacks.

Covenco Recovery Services engineers believe that all companies should have “air-gapped” backups. If a company has air-gapped backups there is no need to pay the ransom as the backups can be restored and the ransomware deleted.

Companies tend to have a local copy and a cloud copy of their data, and ransomware attacks often hit both because there is no gap between them. This leaves an organisation with no clean copy to restore from and vulnerable to having to pay the ransom.

Ideally, companies should follow the 3-2-1 rule and have an off-site backup that is not linked (i.e. air-gapped) to their infrastructure. This is prompting the return of off-site tape backups. Some of our current clients have just implemented tape libraries with Veeam for off-site backups.

An alternative is to have an infrastructure that is powered off when not backing up, so that it will not be compromised should a ransomware attack occur. However, if the attack happens during the backup process then all storage is vulnerable.
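
As an added illustration (not Covenco's tooling or part of the original article), the script below audits a backup plan against the 3-2-1 rule, the air-gap requirement and the backup-window caveat described above. The `Copy` fields, the `audit` function and the three sample plans are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str      # "disk", "cloud", "tape", ...
    offsite: bool
    reachable: str  # from production: "always", "backup_window" or "never"

def audit(copies):
    """Return findings for a backup plan; an empty list means it passes."""
    findings = []
    # 3-2-1: three copies of the data, on two media types, one off-site.
    if len(copies) < 3:
        findings.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        findings.append("no off-site copy")
    # Air gap: an off-site copy that production cannot reach all the time.
    elif all(c.reachable == "always" for c in offsite):
        findings.append("no air-gapped off-site copy")
    # Powered-off storage is only isolated between backup runs.
    for c in copies:
        if c.reachable == "backup_window":
            findings.append(f"{c.name}: exposed while a backup is running")
    return findings

PROD = Copy("production", "disk", False, "always")
# Constructed sample plans (not real environments).
LINKED = [PROD, Copy("local-backup", "disk", False, "always"),
          Copy("cloud-sync", "cloud", True, "always")]
TAPE = [PROD, Copy("local-backup", "disk", False, "always"),
        Copy("vaulted-tape", "tape", True, "never")]
POWERED_OFF = [PROD, Copy("cloud-sync", "cloud", True, "always"),
               Copy("standby-array", "disk", True, "backup_window")]

if __name__ == "__main__":
    for label, plan in [("linked", LINKED), ("tape", TAPE),
                        ("powered-off", POWERED_OFF)]:
        print(label, audit(plan) or "OK")
```

The linked local-plus-cloud plan satisfies the copy, media and off-site counts yet still fails, which is the gap the article describes.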

There is no guarantee that paying a ransom will result in your system being returned to a normal state. There is no guarantee a “time-bomb” hasn’t been left behind by the hacker. Give yourself options: ensure you always have an adequate, viable backup.