10 mistakes companies make in their ransomware responses
From the headline-making incident in May that impacted Colonial Pipeline to this month’s hit on Kaseya, ransomware attacks have been nothing short of a plague on businesses in recent months. While they aren’t new, they are certainly capturing the public’s attention and raising eyebrows among lawmakers.
To pay or not to pay the ransom is a hotly debated issue. While most security professionals oppose paying, in certain situations it might make the most sense.
“Everyone says ‘no,’ but it really depends on a case-by-case basis,” says Steven Schwartz, director of security consulting at Eze Castle Integration. “At the end of the day, you need to get the business back up and running. Colonial paid nearly $5 million in ransom to decrypt its computers. That was a business decision – they needed to get their pipeline back up and running.”
Payment is just one of many issues to contend with under the duress of a ransomware attack. The following are some of the common mistakes organizations make when it comes to ransomware response.
Mistake 1: Failing to Contain the Malware
Many organizations start focusing on how to recoup the encrypted data before taking the essential step of ensuring the malware does not spread further.
“The first thing [organizations] do wrong is not making sure they completely eradicated the original attack vector and getting that root cause analysis of how it started and confirming it’s not expanding,” says Eze Castle Integration’s Schwartz. “You must make sure to clear your environment to eliminate the risk of falling victim to the same attack twice and paying a double ransom.”
To read the complete article, visit Dark Reading.