- Nearly one-third of adults chose to restart their computers in response to a ransomware attack, according to a Stanford survey of about 1,180 U.S.-based ransomware victims, reports ZDNet. Rebooting will essentially allow ransomware to "finish its job," Bill Siegel, CEO and cofounder of Coveware, told ZDNet.
- Because ransomware is typically designed to "crawl through attached" drives, a permission issue could trip it up, halting the encryption, said Siegel. Rebooting a computer could correct the error that stopped the ransomware in the first place.
- Depending on the strain, 22% of people restored their computer from a backup, 18% opted for an online tool and 13% had someone else remove the virus. Only 4% reported paying the ransom.
A consumer, without the backing of security experts, legal teams and cyber insurance providers, respond to ransomware the best way they know how. Organizations have more resources to figure out the ideal response.
Hackers often act laterally, escalating privileges and learning where valuable files lie. Once valuable files are found, they can encrypt those files in the hopes of crippling a business.
"While some ransomware will just attack the particular machine, more sophisticated actors are using their sustained access to a network to map out and strategically deploy ransomware, John Dermody, counsel at O'Melveny & Myers, told CIO Dive last month.
Even with in-house security experts, "cybersecurity is as much of a people issue as it is a technology issue," said Dermody. "Expensive security systems aren't going to prevent an employee from clicking on a link in a phishing email."
But when the security technology fails and a bad actor breaches a network, victims need a recovery strategy.
Ransomware can be particularly devastating, leading to 65% of ransomware victims adjusting how careful they are browsing after an incident, according to Stanford. Other victims purchased antivirus products, began regular data backups, or enabled automatic updates.