We’ve all heard of the well-known debate surrounding ransomware – should you pay the ransom?
Like anything, there’s pros and cons, but with different outputs of information from multiple sources, whether that be online or word of mouth, it’s easy to get swayed by myths.
88% of organisations previously victimised by ransomware said they would choose to pay a ransom if hit again. However, is this really the best idea?
What is the truth behind paying (or not paying) a ransom?
And what should CEOs watch out for?
Almost two-thirds of companies confirm they have experienced a ransomware attack – there’s no denying that it is unavoidable in our technology-fuelled and increasingly remote economy. The importance lies in how businesses approach the subject and the risks to their own organisation. We’ve gathered 3 possibilities CEOs may overlook when paying ransom.
Business leaders are likely to believe that paying a ransom is the most effective method of retrieving data, assuming it works as simply as a give-and-take process. However, the lack of awareness surrounding threat response and the length of time it takes to restore data amongst organisations is causing employers to make rash decisions without understanding the full picture.
According to Kaspersky’s recent report on “How Business Executive Perceive The Ransomware Threat”, 33% of previously attacked companies were inclined to pay the ransom as soon as possible to get immediate access to their data, compared to 15% of companies who had never been victimised. However, paying the ransom doesn’t always correlate with the return of data or data protection – there is no way of knowing what the hackers will do next.
Since threat actors are money-orientated, fuelling their campaigns on decryption software which requires sufficient funding, they can easily duck out as soon as the ransom has been paid, leaving the business without their seemingly-promised data. Then what?
Who’s to say their data can’t also subsequently be posted online?
Pay the ransom? All your worries gone.
As idealistic as that would be, paying a ransom rarely helps an organisation in the long run – for themselves or for any other business.
Security researchers have noted that “ransomware has become a serious threat to corporations with new samples regularly emerging and APT groups using it in advanced attacks… Executives are forced to make tough decisions about paying the ransom. Giving money to criminals is never recommended though, as this doesn’t guarantee that the encrypted data will be returned and it encourages these cybercriminals to do it again.”
Whilst the stress of an attack may lead business leaders to a crossroads, where they decide to pay the ransom to cut ties with the threat actor, it can easily put a target on their back. Once threat actors discover vulnerable victims, they are more likely to strike again.
Paying the ransom also fuels their ability to target more and more organisations across the world. If the ransom is continuously and repetitively paid, then how will these ransomware gangs ever be stopped?
Ransomware attacks aren’t a “pay up and everything is solved” scenario, as much as we’d like it to be. Ransom payment is often only 15% of the total cost of ransomware attacks – the other detrimental costs are overlooked by many organisations.
Whilst the financial impact on an organisation correlates with the duration of the incident, it is also highly dependent on the actions of the people within that business. Victims are left with a loss of income due to legal procedures, incident response, restoring data from backups, contracting third-party experts and more. Threat actors approach negotiation strategically, often convincing the victim that paying the ransom lowers collateral damage costs. Therefore, employers and their employees must be vigilant to these tactics and take action with caution and well-backed research.
Organisations must also be aware that ransomware attacks aren’t just a matter of monetary costs – they cost the company time, reputation and even employee mental health, as IT security teams fight under pressure to resolve issues often beyond their capacity. Paying a ransom does nothing to solve any of these pressing issues – only stopping ransomware in the first place does.
If you find your business in the midst of a ransomware attack, don’t let the stress sway you into paying the ransom – the long-term damage isn’t worth it.
Instead, evaluate your security posture and discover what areas you need to invest in to ensure it doesn’t happen again.
To learn more about the consequences of ransomware, beyond the cash, read our recent blog post.
You can also download our company brochure for information on how our Hybrid Security Services help businesses prevent ransomware attacks, before they infiltrate their system.
Get in touch with us if you have any questions: hello@talion.net
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.
Thought-provoking cyber security discussion at Michelin-star restaurants across the UK.
