Ransomware Attacks: Should You Pay Up?

Should you pay a cyber criminal?

Ransomware will strike a business every 14 seconds by the end of 2019, costing billions of dollars in damages. In fact, in 2018 ransomware is expected to cost more than $8 billion because of data loss and restoration costs, downtime and lost productivity, post-attack disruption/employee training, reputational harm, and of course, global ransom payouts. According to a recent survey, 62% of attacks are financially motivated, 38% are designed to disrupt the business and only 24% are politically motivated. So, if you’re the victim of an attacker seeking a payday, should you give in to demands and hand over those bitcoins?

Ransomware: To Pay or Not to Pay

Since ransomware first reared its ugly head stateside (the notorious CryptoLocker attack of 2013), cybersecurity experts and law enforcement officials have been adamant that companies should not pay the ransom, arguing that it will only encourage further attacks. Of course, refusing to pay is easier said than done. Attempting to access your files only to find that they’ve been encrypted is a frightening situation, and worst-case scenarios immediately come to mind—sensitive information being leaked to the public, loss of customers and customer trust, and even loss of the entire business are all thoughts racing through your mind. Plus, attackers aren’t stupid; ransoms are often relatively inexpensive, usually between $700-$1400, which makes paying to have the problem go away an attractive option. Fears, combined with an inexpensive ransom, can have many companies opting to pay up, but this may be changing.

In 2016, a Trend Micro study revealed that nearly 65% of organizations paid the ransom; but a 2018 CyberEdge Group study reveals that today, the majority of victims—nearly two-thirds—are refusing to give into the attacker’s demand. It’s now more widely reported that many hackers do not make good on the promise to restore data when payment is received, and companies are catching on. Of those who did pay, only 19% got their files back. Why wouldn’t the malware creator return files following payment? Sometimes it's because the only real goal was to scare people into paying; other times it's not intentional, but their poorly-coded malware leaves the files locked, making it impossible to undo the encryption process.

Victims of Ransomware

While attacks on large corporations and government entities are the stories making headlines, small and medium-sized businesses (SMBs) are becoming more and more attractive to malware creators. SMBs usually have weaker protections, yet still have access to customer records valuable enough that they will pay up to regain their data. It often comes down to what type of information they house; if there’s banking or credit card information, social security numbers, and/or patent information, that data is extremely attractive to a hacker. Healthcare organizations are also frequent targets because they store a lot of personal information and can’t afford to lose access to it—even for a few minutes. Lastly, universities are finding themselves the victims of ransomware at an increasing rate. A lot of file sharing occurs on a university campus, making access easy for hackers. And, universities often have the means to pay.

What to do if You’re the Victim

Ransomware is a psychological game. Often, victims are faced with a countdown warning them of impending data destruction. If you end up in this situation, try to remain calm. If you’re working with a managed cloud provider, your first step should be to contact them; inform them of the situation and inquire about data recovery. For those without a provider there are a few other resources that have been setup to dissuade against paying, which may be able to help:

  • NoMoreRansom.org. On the Crypto Sheriff page, you can upload one of your encrypted files and the site will inform you if there is a solution available to unlock all your files for free.
  • BleepingComputer.com. The ransomware help and support section can be very useful. Check pinned items and hot topics to find possible solutions to ransomware (you can also pose a question, but you may not receive an answer in time due to the time constraints of an attack).

Getting Proactive About Ransomware

They say an ounce of prevention is worth a pound of cure—and they’re right! If you’re lucky enough to have never been the victim of a ransomware attack, make sure you keep it that way. Educate employees on the dangers of suspicious links, employ content scanning and filers, install antivirus protection, update for patch deployments, and always backup your data. Depending on the sensitivity of your data, you may also want to consider cyber insurance. These policies generally cover your business’ liability for breaches involving customer information such as social security, credit card, and driver’s license numbers, in addition to health information. Last, but certainly not least, many companies have turned to Disaster Recovery as a Service (DRaaS). DRaaS has become such a data-saver that the market is projected to reach $12.5 billion by 2022.

Don’t wait until it’s too late to protect your most critical data now! Learn everything you need to know now about DRaaS with our free14-page eBook. It’s the most comprehensive guide you’ll find online.

DRaas: Everything You Need to Know

Related posts