Recently a client of ours raised ransomware as one of their concerns, and since there has been some coverage of this type of attack, I'd like to weigh in on this.
If you are managing data in your organization, the best protection you can have as an end user against ransomware is:
a.) Prevention: raise the barrier for viruses to take control of your workstation by mandating anti-virus software on workstations.
b.) Mitigation: prepare for the case that your workstation may get compromised anyway.
For a) - you can check with your IT service provider and your personal security settings whether you have adequate anti-virus protection installed on your workstations.
However, I suggest b) mitigation is actually a much better approach to managing ransomware attacks.
There is one advantage to ransomware: it generally does not operate in stealth mode. The whole purpose of ransomware is to disclose itself to the end user with a demand for payment in return for not deleting data on the user's machine.
It is this fact which suggests the best protection against ransomware attacks is to assume they will happen. What better answer to a blackmail attempt than "go right ahead, delete my data, I don't care"?
Thus, I propose that you view your workstations as dispensable, non-critical pieces of equipment. As long as your email, documents, and settings are backed up and stored with a cloud service, you will not need to worry about ransomware attackers holding your workstation 'hostage'.
A simple factory reset or a switch to a new workstation will get you back up and running within a couple of hours. Last but not least, never pay the ransom!