Welcome to #WeekendWisdom number 43. This week we’re going to talk about Paying The Ransom.
What’s brought you back to your favourite topic?
Late last month, the city of Lafayette, in Colorado, USA, suffered a ransomware incident. Now some reporting on this incident indicated that they had paid the ransom because they did not want to go through cleaning up of their systems after the incident.
Lots of people do that, right? So everyone just gets on with paying the ransom.
However the statement on their own website was quite contradictory to that. Yes they did pay the ransom but that was because they hadn’t adequate backups. So they did a cost benefit analysis and the cost of rebuilding the data as opposed to recovering it through paying the ransom was quite substantial.
Did they do anything else?
But they also did a lot of other things right in that incident. The first thing they did was to hire a Digital Forensics expert whose job would be to come in and determine how the incident occurred in the first place so that they could prevent it from happening again and also to determine if any data was breached as result of the incident.
OK, but they still have dirty machines, right?
They also then were carrying out cleaning and rebuilding of all affected servers and computers which is really a good idea and I would insist on that.
Also they were looking to improve their backups, so that they would never be in that situation again. So while it’s regretful that they did have to pay the ransom, they’re in a better position now for the future.
What does Paying the Ransom fund?
When you pay the ransom, you are funding organised crime. You are paying criminals who not only do cyber crime, but also human trafficking, drug smuggling, gun running, child sexual abuse, terrorism, etc. So paying the ransom really should be avoided at all costs. Put in place proper preventative measures to stop it happening.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*. We show people the types of phishing emails that are sometimes used to execute #Ransomware, but more often than not they break into a network through poorly protected Remote Access solutions. So we can advise on how to protect your organisation from these types of risks.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.