Would you be prepared to make a Ransomware Payment?
Another year has passed, more ransomware gangs have been taken offline by law enforcement, yet the anticipated decline in ransomware and double extortion attacks remains elusive. The frequency of these attacks has grown to the point where we are almost desensitised to their occurrence.
However, amidst this growing familiarity, individuals and companies caught in the midst of such attacks are forced to make rapid and challenging decisions, ones they likely never envisioned having to confront. In this article, rather than delving into the moral debate of whether to pay or not, we will examine the pragmatic realities surrounding the decision to pay a ransom and how to prepare for it pre-emptively.
The Dilemma of Payment
Addressing the question of whether to pay a ransom is inherently complex. As I sit down to write this, I’m struck by a discomfort, a feeling often associated with the conflicting moral considerations inherent in ransomware payments. Morally, it’s universally agreed that paying criminals is undesirable, as it perpetuates criminal activities and exacerbates societal challenges. Just as the formal policy of “Never give in to terrorists” applies when they are trying to negotiate with the authorities, the same policy should stand for ransomware. Additionally, there’s uncertainty regarding where the funds ultimately end up and for what purpose. However, this article won’t dwell on the moral intricacies of crime, ransom, and its societal repercussions.
The lack of comprehensive insight into the ransomware landscape renders much of the discourse surrounding ransom payments speculative at best and unsupported at worst. Nonetheless, there’s been a notable surge in organisations opting to meet attackers’ demands, giving rise to an entire industry dedicated to facilitating such payments.
Despite the discomfort associated with this trend, it’s crucial to examine proactive measures to enhance resilience and response capabilities in the event of contemplating a ransom payment.
Preparing for the Decision
Confronting the prospect of paying a ransom necessitates pre-emptive discussions within your Crisis Management Team (CMT). Such conversations are imperative to navigate the complexities of this decision space before being cornered into a dire situation.
Key considerations for these discussions include:
- Willingness to pay, and under what circumstances.
- Who will negotiate for the company, and do they have the right skill set and experience in dealing with criminals?
- Authorisation protocols for ransom payment.
- Review of insurance policies concerning ransom payments.
- Logistics of acquiring cryptocurrency for payment.
- Setting up crypto or bitcoin wallets.
- Logistics of sending cryptocurrency for payment.
- Limits that cryptocurrency exchanges set on how much money can be exchanged, following their know your customer (KYC) and anti-money-laundering policies.
- Financial thresholds for CMT decision-making: how much can the CMT pay without involving the Board?
- Preconditions for payment and assurances from attackers.
- Storage of these plans offline, so they are usable and not available to the threat actor.
Engaging in these deliberations beforehand, albeit daunting, offers clarity and control in the face of a potential crisis. Make sure all key stakeholders from the C-suite down are involved and have an input. Although it is difficult to contemplate, consideration should also be given to insider threats, who might use this information against you.
Conducting Due Diligence
Conducting due diligence on the attackers might seem ironic given the circumstances, yet it’s essential to mitigate post-incident repercussions. Identifying the ransomware group is crucial for assessing their credibility and potential compliance with agreements.
Key considerations in due diligence include:
- Assessing the ransomware group’s track record.
- Evaluating legal implications of ransom payments, including sanctions.
- Evaluating media implications of ransom payments, including the reaction of the media and the public if the organisation is identified as having paid a ransom.
- Understanding regulatory constraints on ransom payments.
- Reviewing insurance coverage and third-party assistance options.
Developing Comprehensive Plans
Preparation is paramount in mitigating panic and ensuring effective response during a ransomware incident. Developing detailed plans and playbooks, coupled with regular exercises, strengthens organisational readiness.
Key components of effective preparation include:
- Simulating ransomware scenarios and response procedures.
- Identifying vulnerabilities and refining response strategies.
- Providing decision-makers with clear options and contingencies.
- Establishing a point of no return to guide critical decisions.
By adopting a proactive approach and fostering preparedness, organisations can navigate the complexities of ransomware incidents with greater resilience and efficacy. While the moral debate surrounding ransom payments persists, pragmatic planning and strategic readiness offer tangible solutions in confronting this evolving threat landscape.