To Pay or Not to Pay - Dealing with Ransomware Demands
We live in a world of possibility where nothing can hurt us, and the internet is our magical playground. We think we have all the time in the world to choose the best security solutions for us, integrate them into every inch of our network, and use them to actively seek out threats and mitigate them.
But you do not have all the time in the world. Cyberattacks happen every 39 seconds somewhere in the world. Do you know how many ransomware attacks happen per day? 4000 a day (or one every 11 seconds).
Once you have been attacked by ransomware, you have only two choices: pay the ransom or do not pay the ransom. Your decision at this moment will depend on many different elements.
Can you afford to lose the encrypted data, or can it be restored from back-ups without needing to pay ransom? Can you afford the downtime it will take to recover or restore the data? Do you have millions of dollars to pay a ransom demand? Do you have ransomware insurance? There are so many things to consider in an already stressful time. It is important to develop a strategy for ransomware protection before an attack occurs. Let’s explore the pros and cons of paying ransomware demands, and the importance of forward thinking and planning.
Should I Pay the Ransom Demand?
There are several advantages to paying the ransom. If you are working with “trustworthy” criminals, paying the ransom and getting the decryption key reduces disruption to the business and is often cheaper than downtime. If you have cyber-security insurance, that insurance might also cover the cost of the attack.
Should I Refuse to Pay the Ransom Demand?
The downside to paying the ransom is that there is simply no way to guarantee that the attackers will give you the decryption key. Even if you get the decryption key, will it work? For example, take the Colonial Pipeline attack earlier this year. They paid the $4.4 million ransom and received a decryption key that was too slow to use – meaning they had to rely on the back-ups and recovery solutions anyway. Paying the ransom might also encourage a second attack from the same group, or from another group that sees you as an easy pay-day. Paying a ransom ensures the profitability of ransomware in the future, and there is no way to ensure the ransom payment does not go to terrorist or human trafficking organizations – making payment both a moral and a legal issue as well.
Please note, you should always consult with an attorney before paying a ransom to a ransomware operator. There are laws in every country dictating which ransoms can and cannot be paid. Paying an illegal ransom might land you in very hot water with your government or the local authorities.
How Much Could You Pay in Ransomware Demands?
Quite a lot as it turns out! This is no longer a corner-shop business. CPO magazine headlines read, “Ransomware Recovery Costs More Than Double in a Year, Now Average $1.85 Million,” and we suspect they are being generous.
What Should You Consider Before Paying a Ransomware Demand?
Mid-attack, there are several things you should focus on when deciding whether or not to pay the ransom.
- Ransom Amount – can you afford to pay the ransom amount, or is ransomware insurance set to pay it off?
- Double or Triple Ransomware Attack – a double ransomware attack is when attackers threaten to sell, or actually sell, your stolen data on the dark web if the ransom is not paid. Triple attacks, in which attackers also solicit ransom payments from individual customers and staff, are becoming quite popular.
- Downtime – will the cost of the downtime associated with the attack be more expensive than the actual ransom payment? Remember, downtime averages 19 days after an attack.
- Effect on Personnel – can employees and users continue to work normally? Will they be in danger of an attack themselves after connecting to your infected network? Can you afford the work slowdown?
- Contractors or Third Parties – are your contractors and third parties the source of the attack? Or are they at risk as well? Can you afford to hire professional cybersecurity services to recover from the attack, a choice which usually comes with a six-figure price tag?
Can You Relax Once the Attack is Over?
Just because the attack is over doesn’t mean you can rest easy. After the attack, there are several more things to consider.
- Reinfection – once you have paid a ransom, you could be attacked again, by the same group or a related offshoot group that can exploit the same vulnerabilities and attack surfaces as the first time. What have you done to prevent reinfection? Which leads to…
- New IT Budget – a ransomware attack makes it impossible not to invest in more robust cybersecurity solutions, meaning a higher IT security budget is required. The question is not whether you are willing to shell out after a costly attack, but how much.
- Loss of Reputation – how do you ensure you don’t lose face with customers and partners? Can you recover your reputation along with your business?
- Increased Insurance Premiums – can your company afford to pay higher insurance premiums after an attack? Are you even eligible for ransomware insurance anymore, after an attack?
- Legal Fees & Fines – what legal issues will you face after the attack? Did you violate any data privacy or cybersecurity laws like those set out in the GDPR? If so, the ransom might be the least of your worries.
Ransomware Protection & Prevention
No matter the decision you make about payment, there are two critical things you must do in the event of a ransomware attack: you must find and close the vulnerabilities that allowed the attacker to enter your network in the first place, and you must improve the overall cybersecurity in your organization.
The best way to avoid dealing with any of these situations is to prepare yourself and prevent ransomware attacks from happening in the first place using robust ransomware protection. COVID has inspired a boom in different cybersecurity solutions, each with its own specific benefits and shortfalls. For example, if you value machine learning and AI-enabled cyber threat intelligence, focused on the APAC region but with global coverage, you should consider deploying Sangfor’s Cyber Command. Cyber Command does many things to improve your overall IT security and risk posture, including:
- Improving security detection and response by monitoring all internal network traffic.
- Correlating existing security events with AI behaviour analysis aided by global threat intelligence.
- Uncovering unknown security breaches with impact analysis and remediation planning.
- Integrating network and endpoint security solutions to automate and coordinate protection response.
The best defence is a great offence. If the thought of a ransomware attack scares you, you must prepare now for the eventuality. In 2021, ransomware has already cost enterprises $20 billion. This is 57 times higher than the cost of ransomware in 2015, just 7 years ago. Take a lesson from the daily cyber-attacks in 2021, and implement ransomware protection for your business today.