Ransomware attacks are sometimes even worse than the worst-case scenario for which an organization planned. The data stolen by the ransomware group is so sensitive or damaging that allowing it to be released would destroy the organization. With all other options exhausted, an organization realizes it may have to pay the ransomware group.
What’s next? Before answering that question, it’s important to be sure that paying the ransom is the only option. Sometimes it is, but there are both moral and technical hazards to paying the ransom. The obvious moral hazard is that paying the ransom directly funds criminal enterprises, making their attacks much more effective against the next victims. A ransom payment to these cybercriminals allows them to purchase better tools, acquire exploits, attract more affiliates, and expand their ransomware. Organizations need to think really hard about making cybercriminals better at conducting ransomware attacks.
There’s also a technical hazard in paying the ransom. According to a study by Cybereason, 80% of ransomware victims who paid the ransom were hit by another ransomware attack. Most organizations that pay a ransom do so because their network is in disarray after a ransomware attack and they simply have no choice. Ransomware groups know this as well. It’s unknown whether ransomware groups target known victims who paid because they expect an easy target or an easy payday. What is certain is that victims who pay are targeted again. Organizations have to conduct an honest assessment of their ability to get back up and running, and put ransomware protections in place before the second ransomware attack comes.
Should organizations pay a ransomware extortion demand? The short answer is no, but the longer answer is much more complicated. Despite how it sounds, that’s not a copout. There are a lot of factors that need to be considered in that decision. The continued existence of a business may rely on paying a ransom. In the case of hospitals, despite all the redundancies they have in place, patients’ lives may depend on a ransom being paid.
There are real-world considerations to ransom payments, and some argue that banning ransom payments would actually be counterproductive in the short term. The important thing is that victims have to make informed decisions. In order to do so, they have to be aware of all the risks of paying the ransom, as well as getting an honest assessment of their ability to successfully recover from the ransomware attack.