The harsh reality of ransomware. This scene is quite typical to me. A person is working on their computer, and it goes wild. Generally, the computer screens go blank, and a message appears demanding payment in cryptocurrency to regain access to your systems.
People's hearts sink as they realise they have fallen victim to a ransomware attack. Then they call us to ask what they can do.
Pay or not to pay?
It's a problem. The Australian government wanted to make it illegal to pay the ransom, but like so often in Australia, it bogged down into the too-hard basket, so they are amending their ideas.
You should notify the Australian Cyber Security Centre (ACSC). One advantage of doing that is that if some of your data does get out because of the attack, it may protect you from some privacy laws. The other point is that if you decide to pay for ransomware, it strengthens your case with the ATO for a valid education.
Both benefits are dubious here. Ransomware software rarely means the people who gave you the ransomware get your data. I have never heard of any of my clients who paid the ransomware getting knocked back by the ATO. The ATO might knock it back, but I am still waiting to hear about such a case.
Putting aside the legality of paying it, I wish to point out why you should not pay the ransom, why it isn't the solution, and discuss better ways to protect your business.
You Might Not Get Your Data Back
Consider the people you are dealing with. What guarantees do you have that you'll recover your data once you pay? The odds are you will not get your data back.
I have seen people pay the ransom and get little or nothing back.
Ransomware attacks often damage your data.
After an attack, you see that most of the data on the hard disk is damaged. They are trying to encrypt locked files on the computer. A computer locks these files regularly because using them damages them, but ransomware software does not care. It needs to act quickly, so these files are damaged. So, a fix is unlikely to get all your information back.
Ransomware attackers are not honest people.
They know hacks can often break their attacks, making them hard to collect. A typical scenario makes it seem like they can retrieve your data but cannot. They also know you need a remedy after paying to enforce their promises.
Ransomware attacks often leave a persistence mechanism
Commonly, ransomware leaves something behind, like a backdoor, a hidden method for gaining access to a compromised system, or a reinfection mechanism that activates after a specific time has elapsed.
For this reason, if we are fixing a computer, we take the data, do a complete wipe and then reinstall everything on the computer.
Studies of people who have paid
Several studies have been done on people who paid the ransomware. They confirm our observations. Only very few victims who pay get all their data back.
Here is one study: 8% of those who paid got their data completed back. On average, those who pay only recover about 65% of their data. A staggering 29% of businesses recover less than half their data after paying.
These statistics paint a grim picture. Even if you decide to pay, there's a good chance you'll still have significant data loss.
Once Bitten, Twice Shy? Not for Cybercriminals
If you think paying will make the problem go away, think again. Cybercriminals are persistent; if you pay, they know you are a sucker, and so they often target you again. It worked once; they think it may work again.
78% of organisations that paid a ransom were hit again, often by the same attackers. Less than half (47%) of businesses that paid got their data back uncorrupted. /
Paying the ransom is like leaving your shop unlocked after a break-in – practically inviting them back for more.
The Hidden Costs of Ransomware
Paying the ransom isn't just about the money you hand over. There are other significant costs to consider:
Downtime
Every minute your systems are down, you're not serving customers, which can lead to substantial revenue loss.
Reputation damage
Trust me, you look terrible to your suppliers, customers, and the public. That is why so many people try to hide that they were attacked. It is a PR disaster.
Protecting Your Retail Business from Ransomware
Now that we've seen why paying isn't the answer, let's discuss how to keep your business safe. Prevention is always better than cure, especially when it comes to cybersecurity.
Ransomware prevention
Keep your POS computers updated.
Ensure you're running the latest version of your software. Those updates aren't just for show – they often include critical security patches that can protect you from the latest threats.
Be wary
Do not open suspicious emails and links. Stay vigilant. Be careful what you allow on your computer.
Use a virus scanner
I know it slows down your computers, but they often do work.
Back up your data
Regular backups are like a safety net for your business. If you get hit, you can restore your data without paying a cent to criminals. Ensure your backups are stored securely, preferably off-site or in the cloud, which means we can make a data recovery.
What to Do If You're Hit
If the worst happens and you find yourself staring at a ransomware demand, don't panic. Here's what to do:
Disconnect infected devices
Stop the spread by immediately switching off the computer. Pull the plug.
Contact us immediately
We can run over your options with you. Remember, as long as you have your data, in the worst case, we can send over a new computer with a system on there. Put your data on that computer, and you're back in business.
That computer needs to be wiped clean
We do it as a matter of course. Everything on it needs to be wiped clean.
The Bigger Picture
Ransomware attacks are more than just an individual business problem—they're a significant issue for us all. By protecting your business, you're safeguarding your interests and contributing to our overall cybersecurity.
