What is the best response to a ransomware attack?
21 June 2021
Ransomware is a growing threat as seen with the recent incident involving meat processing company JBS paying the equivalent of $11m (£7.8m) in cryptocurrency to cyber hackers. Dr Budi Arief, a cyber-crime expert from the University's School of Computing provides comment on how to best manage a ransomware attack or avoid one altogether. He said:
'The latest incident involving JBS demonstrates the real difficulties faced by victims. To pay or not to pay has been one of the key dilemmas, and this is indeed a tricky question to answer.
'As a security researcher, I would definitely recommend not to pay the ransom demand, due to two main reasons. First, by paying, you are indirectly funding cybercriminal activities. Cybercriminal gangs would be emboldened by getting paid, and they would continue or increase their attacks. Second, there is no guarantee that you would be able to recover everything, nor would you be immune from being attacked again. If anything, if you had paid the ransom demand before, it would make you more attractive for the ransomware operators to attack you again.
'Sometimes there is no other way for victims apart from paying the ransom demand, because the recovery costs would be too high, or the business would suffer terribly. If you decided to pay, it is imperative that you also patch all of the security vulnerabilities that allowed the ransomware to infect your system in the first place, because otherwise you might become a victim of the same ransomware gang again.
'It might be possible to recover some of the ransom money – as shown in the case of the Colonial Pipeline ransomware attack – but this is still quite rare and it would rely on the ransomware operators being inexperienced or sloppy.
'The best defence is by following a set of key security hygiene, such as employing regular and effective backup of your data; applying security patches; and making sure that you do not let ransomware get into your system in the first place, for instance by not clicking on potentially malicious links or opening suspicious email attachments.'