While the FBI won’t be impressed if you pay ransomware demands in order to get your systems or data back after a cyber attack, its updated ransomware guidance contemplates that this might just be the outcome of an attack anyway.
The FBI’s softening in this regard takes into account the reality of a cyber attack – of course businesses aren’t keen to pay the criminals who caused the crisis in the first place, but without an ability to quickly and cheaply restore from backup, the business has ground to a halt. We saw an example of this kind of disruption earlier this month when an attack forced several Victorian hospitals offline and led to the cancellation of some elective surgeries (which we blogged about here).
In its guidance, the FBI cautions that paying ransom to cyber actors carries serious risks, not the least of which is that payment will not guarantee access to systems and data – the cyber actors may just take your money and run. Other risks also stem from the inherent difficulties in dealing with unscrupulous individuals – they might demand further payment, they may target the organisation once again, and making ransom payments generally encourages criminal behaviour.
The ease with which ransomware can infect a network – and the fact that it can happen to anyone within the organisation – once again reiterates how critical it is to train users not to click on links or open attachments in unsolicited emails. While firewalls, spam filters and anti-virus/malware programs can weed out ransomware emails, it may just boil down to how “street smart” users are when receiving unsolicited emails.