Should you pay the CryptoLocker ransom?

Every day, companies fall victim to ransomware viruses like CryptoLocker or Cryptowall that lock your data and hold it hostage. No matter your industry or company size, this assault can debilitate your business. Without proper protections and visibility, you could be left with few options for confronting your attackers – and you might be forced to pay ransom to regain control of your data.

But here’s what’s surprising about this situation: if you paid the attackers off, you wouldn’t be alone in your approach. In fact, some industry authorities are even recommending you pay the ransom to get the ordeal over with.

The FBI discusses ransomware, response tactics

Recently, Joseph Bonavolonta of the FBI’s CYBER and Counterintelligence Program spoke about dealing with ransomware at the 2015 Boston Cybersecurity Summit. Bonavolonta warned conference attendees that ransomware threats had become so complex, in many cases, the FBI now advises companies to pay the ransom needed to unlock their data.

As recently reported in The Register, Bonavolonta isn’t the only security expert supporting this course of action. Stu Sjouwerman, chief executive of security awareness training firm KnowBe4 and author of a manual about rescuing data from ransomware, said the FBI’s guidance makes pragmatic sense for companies that aren’t keeping updated backups.

Activity monitoring, content search and backups are key to overcoming ransomware

The best way to reduce the damage and costs of CryptoLocker and other ransomware attacks is to actively monitor file activity, and regularly backup and protect your data. By monitoring file activity on a near real-time basis, you can be alerted any time there is a sudden spike in file updates – which may indicate ransomware moving through your system.

Once you’ve been alerted to the potential existence of a ransomware virus infecting your system, solutions such as data-aware storage can help your team confirm its existence, locate the entry point of the attack and gauge the extent of the damage. Using file search capabilities, you can quickly find files containing common ransomware virus keywords to locate the user who inadvertently introduced the virus to the network, and then use file activity visualizations to identify the files and folders that the infected user has touched. Then, DiscoveryPoints or other backup methods drawing from fault-isolated locations can readily and instantly restore your data, overwriting the infected files and eliminating the need for your team to cooperate with your data’s kidnappers.

If you’re not prepared with data-aware storage, security or backup, the FBI’s advice is certainly valid – compared to the amount of downtime and recovery your business will suffer following a ransomware issue, paying to regain your data’s control may be the most painless course of action. However, if you’re prepared to locate and address an attack from the beginning while protecting and recovering your data, you won’t need to cooperate with your attackers.

Learn more about how to recover from ransomware with data-aware storage.

  Like This
Jeff Boehm

Jeff Boehm

Jeff Boehm was the vice president of marketing at DataGravity for 2 years. Jeff brought more than 20 years of experience with a rare combination of marketing skills, organizational leadership and technical background to DataGravity, having shaped the BI and search markets working for industry pioneers and disrupters.