The dilemmas organizations must deal with are dizzying:

  • To pay a ransom or not?
  • Will cyber insurance provide adequate shelter?
  • What’s the role of government?
  • Are new mandates and penalties on the horizon?
  • How are adversaries evolving their tactics?

To make sense of it all, let’s first focus on the adversaries and their playbook. Cyber criminals have a well-developed business model and carefully contemplated financial calculus of ransomware. They have determined whether they will launch a direct attack to maximize profits or offer Ransomware-as-a-Service, complete with a help desk and other support services, to supplement their income while enabling malicious actors with less technical skill.

They have researched their victims and targeted organizations based on their ability to pay. All these tactics are developed and executed in concert to make paying the ransom the path of least resistance – financially and logically.

Every aspect of a ransomware campaign is calculated to elicit an emotional response from the target such that it is easier to pay the ransom than to bear the costs and delays of trying to recover on their own.

Let’s start with what we shouldn’t do

Ransomware Protection Playbook