Ransomware: A Threat That Won't Go Away
Ransomware is a type of malware that encrypts your company's files and demands payment in cryptocurrency in exchange for the key to decrypt them. In recent years, attacks have affected hospitals, municipalities, pharmaceutical companies, and subsidiaries of multinational corporations in Mexico and Latin America.
To Pay or Not to Pay? The Experts' Recommendation
The unanimous response from cybersecurity agencies and industry experts is: DO NOT pay the ransom. The reasons are compelling:
- It does not guarantee that you will recover your files: only 65% of victims who pay manage to recover all their data.
- You're funding cybercriminals: your payment funds future attacks against other organizations.
- You become a recurring target: organizations that pay are attacked again in less than 6 months.
- It may be illegal: in some countries, paying ransoms to sanctioned groups can have legal consequences.
What should you do if you are attacked?
- Immediately disconnect the affected devices from the corporate network.
- Don't shut down the servers: some forensic experts can recover passwords from RAM.
- Contact your IT security provider or the authorities (CERT-MX in Mexico).
- Check your backups: if you have recent, isolated backups, recovery is possible without paying.
- Document everything: preserve evidence for forensic analysis and potential insurance claims.
The best defense: prevention and backups
- Automatic backups using the 3-2-1 rule (3 copies, 2 different media, 1 offsite copy)
- Network segmentation to limit the spread
- Up-to-date security updates on all endpoints
- Ongoing employee training to detect phishing
- EDR solutions with automated response capabilities
Is your company ready?
At Keptos, we conduct cybersecurity audits that assess your level of exposure to ransomware and design incident response plans tailored to your industry.