Pledges to Not Pay Ransomware Hit Reality

While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.

When a Florida town of 35,000 paid a $600,000 ransom to regain control of its computer systems and critical services — from e-mail access to management of a water-pumping station — critics immediately warned that paying ransomware operators would only lead to more attacks.


Yet businesses and city governments need to stay operational. While risk analysts and security experts continue to recommend that companies keep focused on securing their systems and speeding incident response to minimize the impact of crypto-locking ransomware, they are now also recommending that companies be prepared to capitulate.


In a June 5 report, for example, Forrester Research published a guide to paying ransomware, advising its audience to consider third-party firms that negotiate with cybercriminals to ensure the best outcome.


"Our recommendation is to work with someone who is essentially a specialized breach coach for ransomware," says Josh Zelonis, senior analyst for cybersecurity and risk at Forrester. Companies need to "go through a staged process to make sure that you are building a rapport with the actor and ensuring that they are able, and willing, to decrypt the data — to essentially deliver a 'proof of life.'"


The list of municipalities that have been hit with ransomware is growing. Baltimore, Maryland; Atlanta, Georgia; Riviera Beach, Florida; and Albany, New York, have all faced the decis ..
