What is the right ransomware decision?
As ransomware attacks continue to plague every sector of industry and government, all victims face the same question: give in to the criminals’ demands and pay, or try to resolve the incident on their own without negotiating.
What is a ransomware attack?
In a ransomware attack, an unauthorized user or group breaches a targeted network, encrypts the system’s data and locks legitimate users out until a payment is made. This leaves you with the ransomware decision: to pay or not to pay?
Hackers may breach a network in a number of ways, from employing social engineering techniques to buying compromised credentials or using brute force methods involving password guessing.
In some cases, a hacker will engage in double extortion: they lock the victim out of their network and also threaten to leak their sensitive information or proprietary data onto the internet. This tactic may be used to add extra incentive to pay the ransom, or initiated after the first ransom has been paid in order to strong-arm the victim into yet another payment.
Ransomware attacks have increased in the last few years, as the COVID-19 pandemic has stretched cybersecurity thin by spreading out remote workforces and creating new challenges with regard to safety protocols and data privacy.
However, ransomware was seeing a major uptick in deployment even prior to the pandemic.
In 2018, ransomware incidents grew by a whopping 350% and then another 40% the following year in 2019. Are you ready to make a ransomware decision?
Pros of paying after a ransomware attack
After establishing contact with a victim, ransomware gangs often negotiate with them to facilitate the payment process. Usually a timeline is introduced in order to put pressure on victims to pay before the price increases or before the criminals delete, leak or sell their data.
While counter to the notion of not allowing the bad guys to get away with their crimes, some organizations opt to pay up when hit with ransomware for a variety of reasons.
A ransomware decision to pay is faster
In some critical situations, it’s in an organization’s best interest to simply end the ransomware attack as quickly as possible. This may be because the stolen data is especially sensitive or dangerous, or because a locked-up network is putting serious strain on people’s wellbeing or on a location’s infrastructure.
Healthcare facilities, for example, cannot afford to allow patients to be deprived of care, surgery or medication for very long in the event of a network shutdown. Criminals know this, which is why hospitals and medical centers are especially vulnerable to attack.
It might be cheaper
Even a large ransom demand might be an easier financial pill to swallow than the costs associated with rebuilding an entire network.
However, an organization will still want to invest in speedy network upgrades and deeper security measures as soon as it regains access to its systems. Victims of one cyberattack often find themselves hacked time and again, because they gain a reputation for being an easy target.
It may lessen the impact of the attack
The quicker a ransomware attack is handled, the less downtime a network experiences. Less downtime means less of a financial hit and less time for the attack to stick around in the news and cast doubts on the safety of doing business with an organization.
From a public relations perspective, news of a cyberattack is best kept brief. If a company is able to simply pay a ransom and then carry on with business as usual, the world’s short attention span will likely allow any security lapses to slip through the cracks.
Cons of paying after a ransomware attack
Giving in to criminal demands is a risky and potentially dangerous proposition.
It encourages the criminals
The most obvious result of paying a ransom is that it encourages the continued deployment of ransomware attacks. Even for an organization caught between a rock and a hard place, choosing to pay a ransomware gang is an action that crosses moral and ethical boundaries.
The more frequently hackers are able to part organizations from their cash, the more appealing future attacks become.
There are no guarantees
Just because an organization gives in to the demands of a ransomware gang doesn’t mean that their troubles are over.
Sometimes, after a ransom is paid, the criminals simply cease communication and never provide the means by which to decrypt the victim’s network.
In other cases, some but not all data may be returned. Worse yet, the information may still end up being used for a further extortion attempt or simply sold on the dark web.
It may actually be illegal
Paying a ransom may actually be against the law and could land your organization in hot water with the federal government.
A company that sends funds to a criminal organization may be charged with funding cyber terrorism, as the groups that carry out ransomware attacks are sometimes state-backed, or use the money they extort to fund activities that pose national security risks.
It’s important to keep legal counsel informed of all actions taken in response to cyberattacks, and ransomware attacks in particular.
Stay safe from ransomware attacks
The best way to prevent having to decide whether or not to pay up after a ransomware attack is to keep the hackers away in the first place. Even if you do pay, it may be difficult to recover from the attack. Here are some tips to help keep your network safe:
Back up your network. Maintaining a full backup of your network means that even if you suffer an attack, you don’t have to negotiate with criminals to resume normal business operations. The attackers may still steal and leak your data, which is a separate issue, but at least your company will be able to weather the initial storm without finding its systems paralyzed.
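A backup only helps in a ransomware incident if it is known to be intact before it is needed. The following is an added example, not code from the original article: it records a SHA-256 manifest of the live data and later verifies a backup copy against that manifest, reporting files that are missing or whose contents no longer match (an encrypted file fails the hash check in exactly this way). The file names, directory layout and the simulated tampering in `demo()` are constructed for the example and run in a temporary directory.

```python
"""Backup integrity check: record a hash manifest of the live data, then verify
a backup copy against it so a restore is known-good before it is needed."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 in 64 KiB chunks so large files stay cheap."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (as a relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(manifest: dict, backup_root: Path) -> dict:
    """Compare a backup tree against a manifest taken from the known-good source.

    Returns the relative paths that are missing from the backup, that hash
    differently from the manifest (encrypted or otherwise altered files land
    here), and that match.
    """
    backup_root = Path(backup_root)
    result = {"ok": [], "changed": [], "missing": []}
    for rel, expected in manifest.items():
        candidate = backup_root / rel
        if not candidate.is_file():
            result["missing"].append(rel)
        elif sha256_file(candidate) != expected:
            result["changed"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: build sample data, take its manifest, copy it to a
    backup, then damage the backup (one file overwritten with random bytes, as
    an encrypted file would look, and one file deleted) and verify it."""
    work = Path(tempfile.mkdtemp(prefix="backup-check-demo-"))
    try:
        live = work / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2021-01-01,100\n")
        (live / "readme.txt").write_text("constructed sample data\n")
        (live / "notes.txt").write_text("more constructed sample data\n")

        manifest = build_manifest(live)  # in practice, store this copy offline
        backup = work / "backup"
        shutil.copytree(live, backup)

        # Tamper with the backup copy only; the manifest still describes the source.
        (backup / "finance" / "ledger.csv").write_bytes(os.urandom(64))
        (backup / "notes.txt").unlink()

        return verify_backup(manifest, backup)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only trustworthy if the attacker cannot rewrite it along with the backup, so keep it (and ideally the backup itself) on offline or write-once storage, and run the verification on a schedule rather than only after an incident. A backup that fails this check is one you would not want to discover during a restore.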
Educate and train your staff. Ransomware attacks usually depend on tricking someone into downloading the malware that launches them, often through social engineering or phishing scams. Make sure your staff follows safe practices when handling emails with attachments or links that may not come from trusted sources.
Keep your entire system up to date. Hackers continually probe software for new weaknesses and look for unpatched vulnerabilities in victim networks. Make sure that your operating systems, apps and firmware are set to update automatically. Outdated and potentially hazardous hardware can be replaced with economical upgrades from a reputable dealer.
Keep up with the news. Various federal agencies post regular warnings and updates on current cybercrime trends, and tech writers and blogs follow developing stories. Stay informed by keeping an eye on the cybersecurity resources available online.