Federal Trade Commission Offers Tips on Avoiding and Responding to Ransomware Attacks


By: Amy C. Bender

With ransomware attacks on the rise, it is important to have a plan in place for preventing such attacks and responding when they occur. The Federal Trade Commission, the government agency tasked with protecting consumers, has issued guidance to help both consumers and businesses defend against ransomware attacks.

The guidance for consumers, which is available here, offers tips and answers frequently asked questions about ransomware. The key points it emphasizes for consumers are:

To avoid a ransomware attack:

  • Update your software regularly
  • Use caution in clicking on links or downloading attachments and apps
  • Back up important files routinely

If you are the victim of a ransomware attack:

  • Prevent the attack from spreading throughout your network
  • Restore/reboot your computer
  • Contact law enforcement

The guidance for businesses, available here, covers many of these same points, but provides additional detail on the nature of ransomware, the unique risks it creates for businesses, and the importance of having solid security measures and incident response plans in place before an incident occurs. The FTC also has published an accompanying video for businesses, available here. For businesses, the FTC guidance recommends:

To defend against ransomware:

  • Train and educate employees
  • Implement security measures
  • Back up data often
  • Develop and test incident response and business continuity plans

To respond to a ransomware attack:

  • Implement your incident response and business continuity plans
  • Contact law enforcement
  • Contain the attack

When you are affected by ransomware, the decision whether to pay the ransom to regain access to your files is difficult. The truth is that many businesses and individuals choose to pay the ransom and that it usually works as promised to unlock their files. In some cases, the cost of the ransom may even be covered by a cyber liability insurance policy. But other organizations, such as the FBI, encourage individuals and businesses not to pay the ransom, arguing that doing so only helps perpetuate the problem. These are tough decisions that each person and organization must make for themselves on a case-by-case basis, but to help provide some direction, the FTC guidance also discusses factors to consider in deciding whether to pay the ransom. For instance, paying the ransom carries no guarantee of getting the files back; the hackers may increase the ransom price or delete or deny access to the files anyway; and you may become a target for other scams. On the other hand, both individuals and businesses understandably may not be able to function without the data the hackers have seized.

With ransomware, the best offense is a good defense, and these simple tips can help both individuals and businesses be better prepared for an attack. The attorneys in FMG’s Data Security, Privacy, and Cyber Liability practice group have extensive experience helping clients prepare for, protect against, and respond to ransomware attacks and are available to counsel you through these best practices and challenging decisions. Please contact us to discuss further the steps you can take to protect yourself and your organization.