The National Cyber Security Centre, a cyber arm of UK’s GCHQ, has handed over some guidelines to businesses desiring to stay away from ransomware attacks. Citing an example of a UK based firm that was struck by a ransomware gang two times earning them close to £10 million, the government setup security organization advises not to pay when a ransomware strikes a database.
Going forward, according to a report released by NCSC, last month an organization operating in UK paid a ransom amounting to £6 million to hackers in exchange of the decryption key. However, the company was struck again within a gap of two weeks, making it pay half the ransom again to free up its database from the file encrypting malware.
Experts from NCSC say that the victim paid the ransom for the first time. But failed to analyze the incident on how the threat actors entered the company’s network. And this gave a second chance to hackers to infiltrate the same database for the second time.
British Law enforcement has cleared the air that it does not encourage members in bowing down to the demands of hackers for ransomware payments, as there is no guarantee that they will return the decryption key.
Instead, the law agency says to raise the defense line of a network from the depth using a fool proof strategy like taking data backups from time to time and maintaining them in such a manner that they can be used witnessing no downtime in data access.
Also, filtering down malicious content from being spread to devices by using mail filters and internet security gateways also makes sense.
Unfortunately, if the database gets targeted, then isolating the infected devices from the network makes complete sense as it avoids spread of ransomware in the computer network. Then wiping of the malware through proper tools and reinstalling the operating system makes complete sense.