Ignore the ransom demands, Gartner advises. Instead, concentrate on maintaining high situational awareness
One name has been at the forefront of recent discussions about ransomware attacks: Colonial Pipeline. The pipeline company, based in the United States, was hit by a ransomware attack, resulting in significant consequences.
Firstly, it's important to note that Colonial Pipeline paid its attackers in the aftermath of the attack. However, this move, according to Paul Proctor, a distinguished VP analyst at Gartner, invites the attackers to return. Proctor emphasizes that if a company can recoup its data without paying the ransom, it should do so.
In the event of a ransomware attack, companies should be prepared to respond, viewing it as an opportunity to improve processes rather than a source of shame. Sam Olyaei, a director analyst at Gartner, suggests that understanding potential losses is crucial for making long-term decisions. Companies should calculate the true business impact of an attack and the ransom demand to determine if paying the ransom makes sense.
Ransom negotiators tend to find that how well a ransomware group upholds its "customer service" depends on its reputation. Yet it's essential to remember that about 80% of ransomware victims who pay are targeted again, according to Gartner's estimates.
Effective communication is another crucial aspect of handling such situations. Colonial Pipeline failed to communicate the consumer impact of its ransomware attack effectively, leading to a gas panic on the East Coast that caused significant damage to the company. The CEO is the primary source for communicating overall business impact to the CIO and CISO. Relevant stakeholders, including the CISO, are likely to be notified at the same time, which requires effective collaboration among key executives.
Sophisticated ransomware actors determine ransom demands based on a company's annual revenue. Therefore, it's crucial for companies to be aware of their potential losses and to research available decryptor tools, such as those on the No More Ransom website.
As the digital world continues to evolve, there's a growing trend among companies to view a successful response to a cybersecurity attack as a badge of honor. Companies must maintain situational awareness during a ransomware attack, focusing on the current business impact.
In conclusion, the Colonial Pipeline incident serves as a reminder for companies to be vigilant against ransomware attacks, to be prepared to respond effectively, and to communicate transparently with stakeholders and consumers. By doing so, companies can mitigate the potential damage and turn a challenging situation into an opportunity for improvement.