
8 Costly Mistakes Businesses Make When Responding to Ransomware Attacks

Did you know that a ransomware attack occurs every 11 seconds? In fact, ransomware attacks affected 37% of businesses last year, and the downtime due to ransomware attacks averaged 21 days. What’s even worse is that the average ransom has grown from $5000 in 2018 to $200,000 in 2021.

To add insult to injury, 80% of businesses that became a target of a ransomware attack submitted a ransom payment and experienced another similar attack soon after. 60% lost revenue, while 53% said that their brand reputation took a hit. Only 46% got access to their data, but most of it was already corrupted, as shown by ransomware statistics.

In this article, you will learn about eight costly mistakes that businesses make while responding to ransomware attacks.

8 Costly Mistakes Businesses Make When Responding To Ransomware

1.   Not Having an Incident Response Plan

Most businesses take a reactive approach to cybersecurity, which comes back to haunt them. They wait for things to go wrong and then react. Instead, you should take a proactive approach to cybersecurity. Create an incident response plan so you know what to do in case of a cyberattack. This saves you from knee-jerk reactions. Most importantly, it will help you significantly reduce downtime and restore business continuity faster.

2.   Failure To Contain Malware

Most ransomware attacks infect your business with malware. If you fail to contain that malware, it can wreak havoc on your data and systems. Swartz from Eza Castle said, “The first thing organizations do wrong is not making sure they completely eradicated the original attack vector and getting that root cause analysis of how it started and confirming it’s not expanding. You should mitigate the risk of falling victim to the same attack twice and paying a double ransom.” By containing the malware, you can limit the damage and minimize the impact of a ransomware attack.

3.   Storing Backups in the Wrong Places

As the number of ransomware attacks keeps increasing, businesses have started taking backups seriously. Most businesses think that if they have a data backup, they are safe from ransomware attacks, which is not the case. If your data backup is stored in the wrong location, you won’t be able to access it when you need it the most.

In most cases, data backups are stored off-site and not connected to the network to keep them free from malware infections. However, this very measure makes the data tough to access. When you are under a ransomware attack, expect a time-intensive recovery, as you will have to restore a backup of each system one by one. Store your data backup in a place where you can easily access it when you need it.

4.   Not Telling Law Enforcement Agencies

One of the most common mistakes businesses make is not informing law enforcement agencies about a ransomware attack. According to Adam Darrah, Director of Intelligence at Vigilante, “Not only can this investigative personnel assist with imaging compromised machines, but they may have access to decryption tools, necessary cryptocurrency to facilitate payment, or other techniques and resources to recover encrypted information.” By informing law enforcement agencies, you can make it easier for them to catch the real culprit in the future, as these hackers are involved in multiple such offenses.

5.   Letting Fear and Panic Get the Better of You

Since most businesses lack an incident response plan, they don’t know what to do and how to react to a ransomware attack. This creates panic and fear in the entire organization. Even if the organization has an incident response plan in place, fear and panic can put them off it. They might end up making hasty decisions which cost them even more. That is exactly what cybercriminals want you to do so they can capitalize on your missteps to achieve their malicious goals.

6.   Spending a Lot of Time Finding Decryption Keys

When you come under a ransomware attack, the attacker will make your data inaccessible by encrypting it. This means that if you have the right decryption keys, you can decrypt your data and get it back. This is why most businesses start searching for decryption keys online. Cybersecurity experts suggest that there is little to no benefit in spending time looking for decryption keys. This tactic can only work if you are targeted by an already known ransomware.

Wayne Pruitt, a cyber range trainer at Cyberbit, explains: “Most ransomware attacks are using asymmetric encryption with public or private keys. These keys are usually target-specific and the decryption key for one organization is different from another. The chances of finding the decryption key your organization needs are slim to none. If you try a decryption tool using the wrong key, you risk damaging the files beyond recovery.”
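Because a decryption tool run with the wrong key can damage files, any such attempt belongs on a copy, with the encrypted originals left untouched and hashed. The sketch below is an added example, not code from the article or from anyone quoted in it; the directory names, the `.locked` extension and the sample bytes are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve(encrypted_dir: Path, work_dir: Path) -> dict:
    """Copy encrypted files into work_dir; return {relative path: SHA-256 of original}."""
    manifest = {}
    for src in sorted(p for p in encrypted_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(encrypted_dir)
        dst = work_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        digest = sha256_file(src)
        if sha256_file(dst) != digest:
            raise OSError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    return manifest


def changed_files(directory: Path, manifest: dict) -> list:
    """Return relative paths that are missing or whose content differs from the manifest."""
    bad = []
    for rel, digest in manifest.items():
        if not (directory / rel).is_file() or sha256_file(directory / rel) != digest:
            bad.append(rel)
    return bad


def demo() -> tuple:
    """Constructed sample: two fake encrypted files; a tool then mangles one working copy."""
    with tempfile.TemporaryDirectory() as tmp:
        originals, work = Path(tmp, "encrypted"), Path(tmp, "work")
        (originals / "finance").mkdir(parents=True)
        (originals / "finance" / "q1.xlsx.locked").write_bytes(b"\x8f\x02constructed-1")
        (originals / "notes.txt.locked").write_bytes(b"\x11\x9aconstructed-2")
        manifest = preserve(originals, work)
        # Simulate a decryptor run with the wrong key overwriting the working copy.
        (work / "notes.txt.locked").write_bytes(b"garbage produced by wrong key")
        return changed_files(originals, manifest), changed_files(work, manifest)
```

Run any candidate decryptor only against the working copy; if `changed_files` reports damage there, the hashed originals are still available for a fresh copy.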

7.   Fighting Ransomware Alone

If you are struggling to deal with cyberattacks, it is always a good idea to seek help. Invest in DDoS protection and ransomware protection. Sadly, most businesses don’t do that and try to fight ransomware alone, which makes their job even more difficult. Not all businesses have mature processes and large security teams. Going at it alone can be tough. It is highly recommended that you hire an incident response provider because they have the experience and skills to deal with these attacks.

8.   Not Learning From The Past

Let’s say you have become a victim of a ransomware attack once. It is important that you learn from your past mistakes. Identify the security vulnerabilities that led to the compromise and fix them as soon as possible so you don’t become a victim of a ransomware attack in the future. It also gives you the opportunity to improve your security defenses. Train your employees to deal with such situations and test the effectiveness of your cybersecurity defenses with mock attacks.

Which is the biggest mistake you have ever made while responding to a ransomware attack? Share it with us in the comments section below.
