Do NOT pay the ransom

The number one threat to UK businesses remains ransomware; in 2022 we are seeing an increase of ransom payments to criminals. Ransomware victims believe they are faced with an agonising dilemma; either paying the ransom or taking significant risk in retrieving encrypted data with or without the expertise of an incident response company. More victims in 2022 are favouring to pay the ransom, either due to lack of adequate data backups, or they believe it is a cheaper and safer route to resolution.

DO NOT PAY A RANSOM.

Paying a ransom does not guarantee you access to your data; you are putting blind faith into the same criminals that stole your data to honour the transaction and without tampering

or deleting your data or providing you a “functional” ransomware decryptor. Paying a ransom sends a message to criminals that you are willing to pay, and they could sell on this information to others.

The NCSC (National Cyber Security Centre) and ICO (Information Commissioner's Office) have investigated this shocking statistic and have found that businesses are paying ransoms after receiving legal advice. The NCSC and ICO have written a joint letter to the Law Society and Bar Council to remind members that the recommendation to clients is to refrain from paying a ransom in the event of a cyber-attack. The ICO have clarified that ransom payments will not be considered as risk-mitigation for harm to individuals whose data may be involved in a cyber-attack or data breach, therefore, paying a ransom will not reduce penalties incurred. The ICO recognises risk mitigation where businesses try to fully understand and learn from an attack, have raised an incident with the NCSC where appropriate, or can demonstrate compliance with NSCS guidance. The ICO also recognise that penalties should be reduced if businesses engage with a cyber incident response company. It is tempting to pay a ransom to quickly restore services, but it is crucial to remember that the UK government neither supports nor condones this approach.

Ransomware attacks start long before you notice their impact, once they are in your system they often lie dormant for a specific period, or until a particular date; the only way to try and mitigate this is to prepare and protect your systems, and plan how you will respond to an attack. If you have reached the stage of deciding whether to pay a ransom it is already too late.

Prepare and Protect your business by employing a Cyber Security Service to review your technology to highlight areas of weakness, and employ a Security Operations Centre to constantly monitor your environment and alert you to vulnerabilities in your estate. Understand how you protect your data, implement strategies to allow for rapid recovery with minimal data loss with acceptable recovery point objectives.

Plan how you will Respond if the worst does happen, a plan for an immediate response, a plan for recovery, a plan to get you back to work.?

A managed SOC and Incident Response Plan is the best way to reduce the risk profile of your business and potentially mitigate cyber-attacks including ransomware. A managed SOC such as Nightingale https://www.crosswordcybersecurity.com/nightingale can help; Nightingale constantly monitors activity on your network, infrastructure and cloud platforms to look for attacks, Nightingale will let you know what vulnerabilities exist in your estate, and help you develop an incident response plan specific to your business. In the event of an attack Nightingale will help you respond, give guidance and step in to help you reduce the attack surface and retain critical data for use by authorities. The goal of Nightingale is to minimise the potential impact and potential data loss, and in case of an attack get you back working as soon as possible.

Protecting your organisation goes beyond deploying solutions, your employees are on the front line. All businesses should be training their employees on how to spot and protect themselves from potential attacks. Social engineering is the main cause of the initial attack, from nefarious websites that prompt you to install software, emails that encourage you to click a link, or even a phone-call where a criminal attempts to get onto your machine; a managed SOC, like Nightingale, can alert you to employees accidentally starting a successful attack.

You can start protecting your organisation right now. Start with protecting your data by understanding your backup strategy and test that it works. Start with deciding to improve your cyber security posture by employing a managed SOC and developing an incident response plan. Start by talking to us about Nightingale. Prepare, Plan, Protect, and Respond.

Remember, do not pay a ransom.?