In light of the recent discovery that the University of Calgary paid $20,000 to regain access to its data after a ransomware attack, below is a comment from David Emm, principal security researcher at Kaspersky Lab.

David Emm, Principal Security Researcher at Kaspersky Lab:

“The recent news that the University of Calgary has paid $20,000 to regain access to its data is another example of how terrifying a ransomware attack can be for a large organisation. The university will of course be holding sensitive information about its students and staff and will have made it a priority to keep it safe, no matter the cost.

However, paying the ransom is unwise, primarily because it does not guarantee that the corrupted data will be decrypted. There are also a number of ways things can go wrong even if the company decides to pay the ransom, including bugs in the malware itself or actions by a system administrator that make encrypted data unrecoverable, IT infrastructure damage and/or downtime, legal consequences due to information loss and damaged relations with partners and customers.

In addition, if the ransom is paid, this validates to the cybercriminals that the ransomware is effective. As a result, cybercriminals will continue to find new ways to exploit systems, and this could lead to additional infections targeting that individual user or company.

Many users believe the threat is unbeatable. Businesses and individuals are not aware of the technology countermeasures that could help to prevent infection and the locking of files or systems; and by ignoring basic IT Security rules they allow cybercriminals and others to profit.

Backing up data is a key safeguard in mitigating a ransomware attack. It’s vital that businesses and individuals alike back up their data regularly, so that if they do fall victim to ransomware, they don’t lose data. Backups should be made to offline storage, since the data on any storage device connected to the computer at the time of infection will also be encrypted. Having a backup is vital to mitigate the effects of a ransomware attack, together with other measures designed to block malware and prevent attacks.”

Information Security Buzz