For every high-profile ransomware incident in the headlines, there are many more that never get reported. Particularly among small- and medium-sized businesses, often with small IT and cybersecurity teams, a ransomware attack can be an existential problem.
To understand how companies should respond when they discover they're in the grip of a ransomware threat actor, we spoke with Kurtis Minder, CEO and co-founder of GroupSense, which helps companies navigate through these attacks to get their businesses back online.
BN: What do companies need to understand most about ransomware attacks?
KM: The first thing they need to understand is 'ransomware attack' is a misnomer. It only covers part of the techniques threat actors use to extort enterprises. Yes, infecting companies with ransomware is part of what they do.
However, virtually all of the attacks we see today involve threat actors who have been on the victim's network for an extended period of time and stolen their data. Then they'll unleash ransomware to get the victim's attention and establish payment terms. But they now hit their victims with two points of leverage -- first, there's the ransomware itself and the need for the victim to get their operations back online. And then there's the data breach, and the threat to release all of the data if the victim does not pay up. So even if you can defeat the ransomware attack, you still have to address the data breach part of the equation. This becomes a complex situation that is beyond the capabilities of most companies to handle.