Personal Finance. Money. Investing.

Over the last many years, Ransomware has surged up significantly, with 236.1 million attacks being reported in 2022 globally. As more traders rely on digital platforms for trading, they become more vulnerable to such attacks.

 The primary concern after a ransomware attack is restoring access to your financial data. It may seem like paying the ransom is an easier solution, but it's not advisable. There's no guarantee that you'll get your data back, and you may be exposing yourself to further attacks.

Here are some steps you can take to recover your financial data after a ransomware attack:

Restore From Backups

 It's essential to keep regular backups of your financial data to ensure you can recover it in the event of an attack. So, if you have a backup in an external storage device, simply connect it to a system that's not affected by the Ransomware and restore the data. 

Similarly, you can also access your lost financial data through Windows Backup Restore. For that, go to Control Pane l> Select external device > Select Backup and Restore. Follow the instructions accordingly to restore your backup. While we have given an example for the Windows system, you can restore your financial backups according to your OS. 

Also, make a habit of keeping backups of every trading data that's relevant to you. To avoid the hassle of backing it up all at once, you can keep storing it as you get the data. For example, if you have recently discovered something crucial about crude oil future gains, quickly save the data in your system and make a backup of it side-by-side.  

Connect with Data Recovery Professionals

If you don't have backups, don't worry! You can still get access to your data by connecting with data recovery service providers. With years of experience and proficient assistance, a good data recovery provider can help you with full data recovery after a ransomware attack

These Ransomware recovery services are secured with diverse benefits to save you from data loss. They can work by initiating a thorough investigation, decrypting data, and providing cyber-security analysis to ensure the best outcomes. 

If you choose a good service provider, you can stay assured of as much as a 96.7% success rate in data restoration. In most cases, the professionals under data recovery services work by:

Evaluating: Identify the Ransomware attack and come up with an immediate plan.

Reviewing: Review and analyze all the situations to understand the problem. 

Recovering: Implement the best strategies to recover the financial data. 

Verifying: Verify with you whether they have restored all the financial data you may have lost.

Delivering: Send you the complete financial database in a drive either digitally or through secure shipping. 

Taking help from data recovery professionals is the easiest and most secure way to get back your financial data after a Ransomware attack. That's because Ransomware is an awful cyber threat. Any wrong move can become a loss for you or your organization. So, it's best to connect with experienced individuals and let them do their work. 

Things You May Do Before the Data Recovery Professionals Arrive

Until the data recovery professionals arrive, you can try some methods to prevent any further data loss from your system. For example, you can:

Note Down the Details: Quickly take a look at the Ransomware file and note down the important details like file name, extension, and a ransom note. You can also take a quick picture of these details if you don't want to save time during data recovery. 

Isolate the Infected System: Next, isolate the infected system so it doesn't spread across other files. It's the quickest way to secure your networks and prevent any further data loss. 

Disconnect Other Devices: If you have any device connected to the infected network, disconnect it immediately. In most cases, people often connect their phones, tablets, and pcs to their systems. As these devices may have crucial financial information, it's more prone to be attacked by hackers.  

Change Passwords: If you have any online accounts logged in to the infected system, change the passwords of these accounts through another device. Once the Ransomware clears off, change the password again to be on the safer side.

Remember, protecting your financial data is just as important as managing your portfolio. Take precautions and follow cybersecurity regulations to prevent such attacks from occurring again.

Final Note

By remaining calm and taking the right steps, you can restore your trading data after a ransomware attack. Back up your data regularly, connect with data recovery professionals, and take steps to prevent further data loss. We hope this guide was helpful with your concern. 

Where do cyber threats begin? What is the root of the issue and how can we eradicate the source of any risk? What does this look like when you’re a maturing startup compared to a global corporation? Thomas Parsons, Sr. Director of product management at Tenable Network Security here takes to Finance Monthly back to the basics and gives his thoughts on the current global cyber situation.

Ransomware had previously been considered just another piece of nuisance malware that largely targeted unsuspecting consumers. However, the recent uptick of new variations, and their drastic impact in restricting access to enterprise systems and data, has catapulted this threat firmly into the spotlight. Events in the last few months have established ransomware as one of the most impactful and persistent global cyber threats.

Ransomware on the global stage

Increasingly in recent years, we’ve seen a shift from hackers using ransomware to target individual users to much larger attacks on enterprises. Top of mind is WannaCry, which wormed its way into networks around the world and encrypted data, closely followed by ‘Petya’ and also ‘NotPetya.’

Ransomware operates by compromising a system, infecting it with malware and encrypting data using a private key, preventing users from accessing the system. Hackers then send a message demanding payment to provide the key and restore the user’s data. Weaponising ransomware with worm capabilities, i.e. EternalBlue, has given hackers the opportunity to maximize the damage as the malware spreads from system to system. When ransomware latches onto systems that contain valuable company data, the systems become inaccessible, effectively bringing business to a halt.

For any organisation, the breach of personal data can not only impact the bottom line, but it can also cause irreversible reputational damage.

To pay or not to pay

WannaCry and Petya/NotPetya represent the new normal of today’s sophisticated threat environment. And with ransomware now impacting the global community, organisations must grapple with whether to pay the ransom.

Unfortunately, there is no guarantee that an organisation, which has its data held hostage by cyber criminals, will get a decryption key by paying the ransom – after all you’re dealing with criminals.

Paying the ransom also further funds the criminals’ antics, validating the business model and encouraging repeat infections – a practice that doesn’t benefit anyone in the long run, except perhaps the criminals.

However, the debate as to whether to pay cyber ransom shouldn’t be the focus, given that these attacks can be preventable.

Rather than a sophisticated attack or zero-day exploit, ransomware often takes advantage of well-known software vulnerabilities that organisations have failed to patch or update. The truth is attackers would much rather gain entry to the network by exploiting a known, but unpatched vulnerability, or a phishing email, because these techniques have a much higher return on investment.

But patching isn’t always that simple. Security teams can't control everything, and while it has become increasingly easy to deploy changes into environments, there are some mission-critical systems that can’t be updated with a click of a mouse or a simple script. For those systems that can’t be taken offline without disrupting business operations, security teams must implement compensating controls and make proper, risk-based decisions to mitigate the threat.

Cyber 101: Back to the basics

If we’re to leave ransomware in the past, organisations must get back to the basics, focusing on the foundations of strong cybersecurity.

To start, organisations need to implement security controls that prevent untrusted or unknown applications from being installed, while not impeding end-user productivity. This means security teams should use application whitelisting, blacklisting, dynamic listing, real-time privilege elevation and application reputation.

Organisations should also consider adopting the principle of least privilege, which gives privilege to users according to job necessities. In the event of an accidental link click or attachment opening that attempts to execute an application requiring elevated privileges (such as encrypting a hard drive, network share or folder), the user privileges would not allow those actions to be performed, stopping the attack immediately.

Even more important is end-user security training and awareness, backed by a solid understanding of attack methods used to gain information from users. Educating users on how to spot a phishing email and the dangers of sharing personal information and installing software from unknown sources can benefit them both at work and home.

In the modern computing environment, which now spans cloud, on-premises, IoT and operational technology, continuous visibility into the vulnerability status of every asset is critical to understanding the business impact of ransomware attacks and to fundamentally improve how organisations think about cybersecurity.

Here is a simple mantra to help focus the mind - If you can’t patch it, then you must protect it. And if you can’t do either, then you should prepare for the consequences.

Austen Clark, managing director of Scottish IT specialists Clark Integrated Technologies tells Finance Monthly that a ransomware demand can be commercial suicide for a business, as it has the potential to ruin its reputation, send share prices plummeting and it may struggle to recover from the damage done.

Austen’s advice is simple - prevention is better than cure.

“Should companies pay cyber ransoms? The answer is that they should never have been in the position to be ransomed in the first place.

“Ransomware is the most financially successful hacking tool over the past four years. Revenues from ransomware have been increasing exponentially year on year – in 2016 it was reported a 6,000% increase in revenues.

“It is also one of the most publicised forms of attack so companies really have no excuse for failing to have appropriates backups, data recovery and updates in place. This can be avoided – hence why a business should not find itself in this position.”

Even after an organisation has been compromised, it should not consider paying a cyber ransom, explains Austen.

“By paying the attackers, you have confirmed that their method works, and paying a ransom does not guarantee you will get your data back. These are dishonest people, and even when you hand over the ransom there is no guarantee they will honour the arrangement. It has been well documented that they do not always release all of the data, holding out with additional requests.”

Austen outlines practical preventative measures relevant to all businesses to defend against a ransomware attack.

As long as companies continue to pay up, then hackers will strike in this way.

Austen adds: “There are few that will admit to an attack – and even less admit to paying up, so this is vastly under reported but this has crippled companies before, and it will again. Organisations like Nayana will be in the press for a long time and for all the wrong reasons.

“If you follow these points you will reduce the risk of a ransomware attack which really is the best defence. In the event of falling victim you can restore your information and not have to pay a ransom. Back-up data to a separate source like a Data Centre, Cloud, or external hardrive, basically anywhere but your current source.”

The threat of cyber extortionists holding data hostage is significant. Symantec’s 2017 Internet Security Threat Report lists ransomware as the ‘most dangerous cybercrime threat facing consumers and businesses’.

Last week, South Korean web-hosting firm Nayana agreed to pay a $1m ransom to unlock computers frozen by hackers. Security experts warned that firms should not pay such ransoms or enter into negotiations with hackers. In addition, today several firms globally were held to cyber ransoms including banks, airports and government systems around the world. Even DLA Piper suffered an attack according to the BBC.

When considering high-risk industries like financial markets, the data and infrastructure at risk is both incredibly sensitive and complex. Once adversaries gain access to an environment, they can access everything from proprietary algorithms and trading strategies through to sensitive customer data.

This week, Finance Monthly received its biggest ever number of responses to the question ‘Should Companies Pay Cyber Ransoms?’ Below are just a few of the responses from top experts around the world.

Jack Bird, Content Specialist, Team Umbrella:

The magic of the internet and today’s cutting edge technology is based on a give and take relationship. To take all the lightning quick information and globalised communication, we have to give our personal details and highly sensitive information in return; like a sacrifice to the all-powerful cyber gods that we’re forced to trust so our crops might be more fruitful next year.

The easier things get for us, the larger the anvil hanging over our head becomes; and this form of cyber terrorism we’re seeing with Nayana is only going to grow. This might soon see a return to more physical forms of media to avoid the proxy-warfare of recent headlines, but for now, and it is a weak answer: it’s a matter of balances.

Maybe the correct move is to stand up to the bully and not give them your lunch money, because next week they might come back for your homework or the intricate details of your eight figure business plans. Giving in to demands, however, might result in you going hungry throughout the day – or, to put an end to that analogy, your work force of mothers and fathers going hungry because you can’t pay them anymore.

Films taught us to puff our chest out, but, even though this news story might resemble the plot line of a 1980’s Paul Verhoeven film – this isn’t a film. There is no simple answer because every question is different. Is the $1 million more valuable than the files they’re holding a gun to the head of? Maybe they’re outdated and you don’t need the information anymore?

There is no definite answer, which makes this a bad one – but, also, the right one.

Rafe Pilling, Senior Security Researcher, Counter Threat Unit, SecureWorks:

To paraphrase a well-worn bit of philosophy, all that is necessary for ransomware attackers to succeed is for well meaning

organizations to pay the ransom. In 2016, it became common for thought leaders to say “Never pay the ransom, but …” and that “but” was meant to allow wiggle room for instances when a $500 ransom was cheaper than the hassle of not paying, or when healthcare entities were dealing with true matters of life and death. But the problem with either of those scenarios is: As soon as one pays the ransom, then one has reinforced that the attackers made the right decision to attack. The only reason this crime thrives is because it’s profitable organizations (despite what they say publicly) continue to pay the ransom. When that stops, so will the attacks.

Eric Berdeaux, CEO, OXIAL:

If the situation has gone so far that an organisation has actually been breached, then paying can be the best option open to them. Ransomware is truly insidious and can often encrypt most, or if not all of an organisation’s data. This makes it completely unusable and puts a halt to any internal business and IT processes. Such is the professionalism and expertise of modern hackers, it can be very difficult to fend off Ransomware once it has taken hold. To try and clean the virus, delete all of the encrypted files and then restore them, would not only cost a lot of money but would require a number of highly skilled engineers too. Even then, there is no guarantee of success. That’s why I believe that when it has gone this far, the only way is to pay.

Of course, it would have been far better to spend this money in a different way – securing the data properly and effectively in the first place, and covering any residual risk with good insurance. Organisations do not always do this even when they have suffered an attack, believing lightening won’t strike twice. This is misguided. When it comes to cyberattacks, lightning can and will strike on many occasions - the security threat in 2017 is incredibly complex, varied and on-going. Without continuous protection, organisations will be hugely vulnerable and may find themselves facing expensive ransom demands.

Rob Norris, VP Head of Enterprise & Cyber Security EMEIA, Fujitsu:

The news that South Korean web-hosting firm Nayana has agreed to pay a $1m ransom to unlock computers frozen by hackers is stirring a new narrative around whether we should be giving in to hackers. While industry experts have been preaching against this, companies are ultimately left facing the prospect of irreversibly losing valuable data, or paying a certain, often excruciating, amount of money to save their businesses.

Paying ransomware encourages the lucrative side of malicious cyber activity, which subsequently attracts more actors willing to engage for their personal gain. The truth is that many organisations probably don’t see themselves as ‘high value targets’ for attackers and it’s likely that they have very minimal protection or staff training and awareness. However, for many malicious actors finding vulnerabilities is their bread and butter, and they will look to hold organisations to ransom through a ‘soft attack’ that compromises its data.

Organisations should ensure they have good backups if they are infected. They must take a proactive and intelligence driven approach to security, by monitoring phishing campaigns which evade their mail gateway controls for example. Backups, risk analysis, staff training and further practical advice such as application whitelisting and incident response will ensure the risks associated with ransomware are as low as possible.

With this knowledge there is no excuse not to be prepared. Cyber criminals are entrepreneurial, well-sourced and motivated, and we shouldn’t be repaying their efforts in hefty amounts of ransom.

Sarah Adams, Cyber Risk Expert, PolicyBee:

Faced with not having access to your systems, data or website, it’s tempting to take what seems like the line of least resistance and pay a ransom straightaway. But there are good reasons why that might not be the best thing.

From a cyber insurance point of view, the most obvious alternative is to get in touch with your insurer. This kind of situation is exactly the sort of thing your policy is for. Your insurer has access to cyber security experts who will evaluate and deal with the problem for you.

Of course, if there’s no way around it, your policy will cover the ransom. But ideally your insurer will want to sort the situation by other, technical means if possible – there’s no guarantee paying up means case closed. Who’s to say you’ll get your files back, even if you cough up? Your insurer certainly doesn’t want to trust the word of a cybercriminal.

The point here is that two (or more) heads are better than one. You don’t have to deal with a ransomware problem – or any other cyber-attack – on your own.  Cybercrime is alien territory for most businesses, and it makes sense to get help when you need it most. A specialist insurer not only has the money to sort out these situations, it has the time and the expertise too.

Although undoubtedly unsettling and very much an unknown quantity, cyber-attacks involving ransomware aren’t always the business disaster they might first appear to be. Paying up doesn’t have to be a given and doing so, worst-case scenario, can risk turning you into a future blank cheque.

Preventing an attack in the first place can be equally expensive and time-consuming (and, given the odds, arguably futile), so it pays to have help and support on standby for if and when you’re targeted. You don’t need to be a cyber security expert to recover from an attack – you just need to know someone who is.

Dr Guy Bunker, Senior Vice President of Products, Clearswift:

This case sets an unfortunate precedent. Whereby larger organizations are shown to be prepared to pay significant sums of money to cyber-criminals. It will only stoke the fire of ransomware and the attacks on business if the perpetrators think they will get away with it. In the non-cyber world, we saw this with the Somali pirates, where once ransoms started to be paid, there was a huge rise in vessels and crew being taken hostage.

Our advice is always the same for both individuals and organisations: once you’ve been compromised, do not pay the ransom. By paying, you’re opening yourself up to further attacks as the criminals will see that A) the organisation has the willingness to pay ransom and B) the cash reserves to do so. Furthermore, in more than 30% of cases, access to the information is not returned, i.e. you still don’t get your data back in an unencrypted form. All too often, the cyber-criminals take the money and then re-encrypt systems a short while later – as the malware will still be lurking in the background, unless it has been fully removed.

This is not the only issue, negotiations between the criminals and organisation can take up valuable time and resources – according to reports it took Nayana over a week of back and forth with the hackers to come to an agreement. Ransomwares’ biggest impact is downtime of the organization, with several organizations requiring complete IT shut-down and the return to pen and paper while the issues are resolved.

The best defense against ransomware is firstly, to ensure all systems and applications are kept up to date with security patches being applied; secondly, ensuring that security systems are in place that strip hidden active content (the type likely to be ransomware) out of documents and emails coming into your organization; and thirdly, to regularly backup critical information. Backups are key and can ensure that even if information is encrypted, you won’t be in a position where you have to pay – minimizing the harm to you and the reward to the criminal to zero.

Robert Rutherford, CEO, QuoStar:

Ransomware is an increasing threat, and one which is here to stay. Although businesses may not like the thought of paying a cyber ransom, in today’s digital era if an entire business’s IT environment is frozen then they are unable to function, this loss of productivity can come at a far higher cost than the ransom itself.

When it comes to deciding whether to pay a ransom, a business essentially needs to understand how much an outage or a loss of key data assets is going to cost them. This information will allow a business to measure risk against cost and make an informed decision. If a cyber ransom is £500 for example, whereas loss of productivity could cost thousands, the decision can be made easily by those responsible for IT security within a business.

Furthermore, this information should also be used by a firm’s senior leadership team to determine which protections and solutions should be put in place to prevent the business from being infiltrated by ransomware again, or by another type of cybersecurity threat in the future. IT security must be a priority, however, and firms must not wait until ransomware strikes to conduct these risks versus cost reviews and act ahead of time.

Giovanni Vigna, CTO and co-founder, Lastline:

Companies should not pay ransom. However, there might be situations in which not paying ransom would cause irreparable damage to a company, putting the company out of business. In these cases, paying might be the only option, but these situations can be avoided by being prepared. Ransomware, in a way, is not very different from a catastrophic event. What if a room full of server is flooded and the machines damaged beyond repair? Would the company be ready to restore the service (and the associated data) after such an event? If the answer is “yes” the company could probably withstand a ransomware attack as well…

Andrew Stuart, Managing Director, EMEA, Datto:

Firms should never cave in to ransom demands from hackers. First of all, paying up does not guarantee the safe return of data. Datto conducted some research into this topic during the twelve months up until September 2016. We found that almost half – 47% – of the European firms which opted to pay ransoms, didn’t get all of their data back.

Secondly, firms that choose to cough up can quickly gain a reputation amongst cybercriminals for being a soft target. This leaves particularly susceptible to future attacks.

On a wider scale, each and every time a ransom is paid more money is ploughed into the criminal underworld. Today’s hackers work like businesses, with a portion of their income being invested in R&D. This extra cash could be used to develop new strains of malware or to exploit new vulnerabilities. While paying a ransom seems like a quick fix, it has negative, long-term consequences for all organisations.

Instead of paying ransoms – especially ones with $1 million price tags – organisations need to invest in better defences. Patching vulnerable IT systems is vital, as are perimeter defences such as anti-virus software and firewalls. But these alone are not enough. Firms also need to back up their data. If they call roll back their systems to a point in time before their data was illegally encrypted by hackers, firms can carry on as normal, with no dramas and no ransoms.

Andrew Bushby, UK director at Fidelis Cybersecurity:

An analogy often used to describe ransomware and whether to pay up or not is ‘protection racket’. In old-fashioned mob movies, two guys walk into a grocery store saying ‘Hey, nice store. Would be a shame if something were to happen.’ The reason the mob ‘insurance’ scams worked is because the value of the protection was higher than the cost of the insurance – and the mob delivered on their promises. In the case of ransomware, the value of the data is higher than the ransom and operators go through great effort to ensure users get their data back. Occasionally there are errors, but in general, people do get their data back.

In an ideal world, consumers and organisations would be better prepared. With sound backups in place, ransomware infections would merely be annoying exercises involving file restoration.  Ensuring backups of critical or valuable information has been a best practice for decades, but because reality rarely matches the ideal, this often doesn’t happen.  Consequently, a few tips can help those dealing with a ransomware attack:

Stu Sjouwerman, CEO, KnowBe4:

Ransomware has been called the most profitable criminal business model in history. Bad guys infect a workstation or whole network and hold the data hostage until a fee is paid to get it back. Last month, the WannaCry ransomware strain went global, impacting computers in more than 150 countries and wreaking havoc on Britain’s National Health Service, Spain’s Telefonica and France’s Renault automobile factory.

Ransomware has become a “when, not if” scenario for businesses of all sizes. Typically ransomware comes into a company through an employee– usually by opening the attachment of a phishing email which then gives cyber criminals the ability to download the malware onto the users’ computer or network without their knowledge.

Most antivirus programs do not detect it as it is rapidly changing with new variations every day. Being successfully hit by a ransomware attack can set a business back 50 years, using “pen and paper” management and the ransom amount can get very high. WannaCry charged $300/machine, which adds up very quickly, particularly for small and mid-sized businesses (SMBs)

Now to pay or not to pay – this is ultimately a business decision, and one which most organizations do not make lightly. There are different types of ransomware infections:

It is crucial to start with a so-called defense-in-depth strategy to protect your network, including weapons-grade backups that are regularly tested, ensuring all software is up to date, running antivirus software but not relying on it, identifying users who handle sensitive information and checking firewall configurations to make sure no criminal network traffic is allowed out and educating your users as your last line of defense so they can stop ransomware before it comes in.

Alex Manea, Chief Security Officer at BlackBerry:

Companies that experience ransomware attacks should never consider paying any ransom demand. Not only does it cause reputational damage and a loss in customer confidence, but once an organisation succumbs to paying a cybercriminal there is still no guarantee that full recovery will occur. Trusting cybercriminals to provide a decryption key can often take days, weeks or not happen at all.

Businesses should also keep in mind that cybercriminals are anonymous and they have no reputation to protect, which means they have no incentive to hand over the decryption key, as this could make them easier to trace.

In addition to this, there is now evidence that hackers are actually repeating other hackers’ successful ransomware activities. This not only suggests that businesses that are paying ransoms aren’t getting their data back, but are likely inspiring future attacks.

If a company does choose to pay the ransom, as in this case Nayana did, and they gain access to the decryption key or a tool which can help them to access their files again, there is still no certainty that the organisation is secure again. Indeed, in many ways the company is now more vulnerable to ransomware attacks, as it will have a reputation for paying and this could actively encourage additional ransomware attacks and even bigger financial demands.

We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!

About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free weekly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every week.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram