Ransom Demands: What Happens If Victims Pay or Don't Pay?In Either Ransomware Scenario, Focus on Practicalities, Says Kroll's Alan Brill
If your organization gets hit by ransomware, what should happen next?
Some victims may have working backups that attackers didn't touch and can wipe and restore their systems. Others may explore the possibility of paying attackers a ransom in exchange for the promise of a decryption tool.
However organizations respond, if they don't have incident response expertise in-house, they need to get it, says Alan Brill, senior managing director in the cyber risk practice at the consultancy Kroll.
"What you want to shoot for is the best solution that you can come up with, and that's going to require some experienced hands," he says in an interview with Information Security Media Group. "There really is a need for practicality. ... It's all about knowing, as opposed to guessing. You want to deal with the facts before you make the decision."
To help make that happen, he notes that more companies are now carrying cyber insurance, which gives them immediate access to incident response tools and specialists that can help them identify the best way forward.
In this interview (see audio link below photo), Brill also discusses:
- Best practices for responding to ransomware and data exfiltration incidents;
- The importance of using intelligence on ransomware strains and gangs;
- How to work with insurers;
- Dealing with criminals: What are the risks?
Brill is a senior managing director with Kroll's cyber risk practice. As the founder of Kroll's global high-tech investigations practice, he has led engagements that range from large-scale reviews of information security and cyber incidents for multibillion-dollar corporations to criminal investigations of computer intrusions.