Today’s ransomware campaigns have evolved from what we have seen in the past. While ransomware can still be easily obtained on the dark web, even by attackers who have little to no technical skill, we are now also seeing it used for more than just making money.
In some cases, ransomware is used as a diversion to keep staff occupied while the attacker accomplishes even more nefarious objectives. We are also seeing campaigns that encrypt entire networks and delete backups, leaving entire organizations at the mercy of the attackers.
Should We Pay the Ransom?
When backups have also been compromised, or if the time and resources required for data recovery and getting systems operational exceed the cost of the ransom demand, victims are faced with a difficult decision: should we pay the attackers in the hopes we can more easily recover our data and get back to business?
“The conventional recommendation is to never pay a ransom. However, security professionals are beholden to the business’ financial interests and its key stakeholders — which may mean going against conventional wisdom,” states Forrester’s Guide To Paying Ransomware* report.
“Forrester has been tracking a notable increase in ransomware payouts. After examining several of these cases, we now recommend that even if you don’t end up paying the ransom, you should at least consider it as a viable option.”
Ransomware attacks are impacting healthcare facilities, entire municipalities, corporate networks, manufacturing operations, critical infrastructure and more. When human life and safety or critical public services are on the line, in some circumstances it might make sense to pay a ransom demand.
BlackBerry® Cylance® offers best practices for attack prevention, network architecture, internal IR workflows, vulnerability and patch management, and assessment of both internal hosts and externally facing services.
Our solutions have a proven Predictive Advantage: we have deployed malware conviction models in customer environments with the ability to detect and block attacks an average of more than two years before the attack was first detected in the wild (source: SE Labs).
Expertise for Ransomware Negotiations
Unfortunately, the case remains that some organizations contact us for Incident Response services only after they have already been the victim of a ransomware attack or other form of compromise.
Our Professional Services team has the expertise required to navigate the process of executing a ransom payment, expertise that is quite unique. Dealing with ransomware attacks requires years of experience regarding exactly how to communicate, negotiate, and manage expectations with the attackers to bring the incident to a successful resolution.
In addition, the majority of victims don’t have cryptocurrency stockpiles on hand for when ransomware strikes, and find it can take weeks or more to accumulate sufficient levels of cryptocurrency via the public exchanges to pay an average ransom. BlackBerry Cylance can act as an intermediary and facilitate payments via third parties, allowing victims to respond rapidly to a ransomware demand.
“Ransomware negotiation specialists regularly help organizations recover from ransomware attacks and can help identify the business case for paying,” the Forrester Guide states.
“They bring not only a wealth of knowledge about specific types of ransomware, but they potentially even have experience with the specific actor you’re dealing with. Forrester has identified six companies that specialize in this capability…” And that list includes BlackBerry Cylance.
Endpoint Prevention and Response
If your organization has been the victim of a ransomware attack or other form of cyberattack, you can contact BlackBerry Cylance’s expert Professional Services team immediately here or call 1-888-808-3119.
If your organization wants to proactively prepare for attacks and assume a prevention-first security posture, our experts can provide gap analysis to assess your environment against industry and vendor best practices, incorporating well-known security frameworks into the assessment process to round out the organization’s enterprise security strategies.
We have pioneered automated prevention built upon an unrivaled Artificial Intelligence (AI) platform designed to arm your security teams with an agile solution to prevent advanced threats pre-execution, fileless attacks, and zero-day attacks on every endpoint – and it does not require regular updates or reconfigurations.
That power of prevention is coupled with our highly scalable endpoint detection and response (EDR) solution for root cause analysis and threat hunting, making BlackBerry Cylance the most comprehensive solution available today.
*Report is available to Forrester subscribers or for purchase.