If I had a dime for every ransomware victim I’ve heard about in the past three months, I could retire a rich woman. Although we know what the threat is at a high level, its form continues to evolve in increasingly powerful ways, much like the Hydra Hercules struggles to slay. When you chop off one head, three more vicious ones grow in its place – along with misconceptions.
Terrorist and hacker groups are a dime a dozen now in countries like Ukraine, Pakistan, India, and China. Not only do we have the threat of foreign adversaries nipping at our heels, but we also have these groups functioning as ransomware call centers to swiftly extract as much money from victimized businesses and individuals as possible.
Did I come here just to scare you? Kind of. I mostly want to make sure you’re galvanized into action. So, I’m going to confront some common misconceptions I hear about ransomware.
Well, I hate to say this, but they are. You are easy, low hanging fruit to hackers now. They know you might not have the operational maturity or resources to have the right security functions in place.
Here’s the good news – if you have enough protections in place to frustrate your attackers, they’ll usually move on. It’s important to state that you should always be enhancing how you’re addressing all your vulnerabilities (don’t just do the bare minimum), but I’m just saying it wouldn’t hurt to not be the slowest person running from the bear.
It can be. But there are simple and powerful tools and practices anyone can implement for an affordable price. And trust me when I say that prevention is vastly cheaper than the cost of getting hacked.
Woah there, buddy. I think the FBI might have an issue with that. I’m also confident that a handshake deal with criminals isn’t legally binding – we’ve seen plenty of companies pay the ransom and still not get their data back.
I’ll give you half credit for this. If you’re confident enough in your backups that you think you can survive a ransomware attack, kudos!
…But I didn’t write this to leave you with a false sense of security, did I? There’s a lot that goes into recovering from a ransomware attack outside of just getting your data back up and running.
Depending on your industry, you may have to notify clients and cover identity/fraud protection for them. Bad actors love to sell sensitive personal data on the dark web. You may be fined for any instance of sensitive data loss. You might have to preserve your compromised environment and partner with law enforcement for forensic reasons. Recovering is a process, not a flip of a switch.
Cloud providers are not required to preserve your data, and there are lot of ways for bad actors to get access to your accounts, exfiltrate data, and lock you out.
Additionally, regardless of how much you have in the cloud, your computers are typically the first entry point for ransomware. You still need those to access your cloud programs, so we want to prevent your computers from getting locked up.
Those are some of the more common misconceptions I hear about why ransomware isn’t a major concern. I hope I dispelled some of these for you, and unfortunately, there are a lot more out there. If you have questions or concerns about it, drop us a line – we’re here to help!
Take Our FREE Ransomware Prevention Assessment
For more information or to schedule your free ransomware-proofing review, contact us by emailing info@mirazon.com or calling (502) 240-0404!