Ransomware, to Pay or Not to Pay?

Ransomware remains a serious threat and although ransomware attacker groups promised not to target healthcare or medical institutions during the COVID-19 pandemic, attacks continue. 

This speaks to the critical need for businesses to take a proactive approach to cybersecurity in order to be positioned for early detection and fast response.  One question businesses often ask is, should we pay the ransom?  In one respect, paying a ransom can be seen as a cost-benefit decision. 

Broadly speaking, it’s better to not pay and so if you can, you should avoid doing so, but often this is not a viable option.  So what are some of the considerations, when thinking through the Ransomware payment question?

The goal of paying a ransom is to get access to a functional decryptor key.  Using the key offers a potentially quicker restoration than restoring from backups, particularly if backups are “in the cloud”.  The backup restoration process can be surprisingly time consuming, and during restoration, your ability to be operational as a business can be critically affected.  How long can you afford to be non-operational?  Paying the ransom could be the differentiator that determines whether or not you will stay viable as a business and an employer.  

What happens when your backups are encrypted as well?  If your data is encrypted, and your backups are encrypted, paying the ransom might be the only option to recover data.  

A new trend in ransomware involves the additional element of extortion.  The attackers are exfiltrating sensitive information before triggering the ransomware and then publishing the information online if companies don’t pay or delay paying the ransom.

However, it's painfully obvious that paying the ransom generates income for cybercrime, potentially including funding terrorist organizations and hostile nation-states.  Choosing not to pay the ransom injects some interruption to the lucrative cycle of cybercrime.

They say there is no honor among thieves, and this is clearly demonstrated in the world of ransomware.  

There are so many “even if you pay” scenarios that don’t end with you getting you recovering your data. 

How Ingalls Information Security Can Help

Ingalls Information Security understands the Ransomware threat.  Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state sponsored hackers. This experience gives us a powerful edge in preventing and responding to cyberattacks. 

Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more, please check out our Blog Are You Prepared to Defend Against Ransomware? Or contact us here. 

One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.