Should You Pay a Ransomware Demand?
What are the Pros and Cons?
Receiving a ransomware demand is something every business dreads. It is no longer a matter of if you will get attacked, but when. Ransomware struck one-third of all organisations in 2021 alone. It’s something that every security team will have to deal with.
What’s more, once-standard mitigations such as reverting to backups may no longer be enough to recover from an incident, even if encrypted files can be restored. Many ransomware demands now threaten to release stolen data publicly if the ransom is not paid in a timely manner. Many attackers also release samples to prove they have the data, because many victims naively assume it’s a bluff or believe they have adequate protections in place.
Other threats may include exposing firms to regulatory action or launching DDoS attacks to further disrupt operations. With the clock ticking, firms have to decide quickly whether to pay the ransom to avoid further consequences or brace themselves for the fallout.
The Benefits of Paying a Ransom
Many firms may decide that the easiest way to restore services and remain operational is to simply pay the ransom. As long as everything goes to plan, this can minimize disruption and downtime, as well as avoid significant financial losses beyond the ransom itself.
Some firms may also believe this will help them keep the incident quiet and avoid any adverse publicity – although regulatory reporting requirements may still apply depending on the sector they operate in and the information compromised.
For organizations in critical sectors such as healthcare, utilities or infrastructure, remaining operational may be such an important consideration that paying the ransom is the only viable option.
Disadvantages of Giving in to Ransomware Demands
One of the biggest issues with paying a ransom is that you’re gambling that the hackers will keep their word and restore your systems. Unfortunately, when you’re dealing with criminals, there’s no guarantee. In fact, it’s estimated that as many as 92 percent of firms fail to recover all of their data, with nearly a third losing at least half.
If the hackers have successfully exfiltrated data as part of their attack, there’s also no way of knowing what they’ll do with it, even if a ransom is paid. Many cybergangs make additional revenue by selling the data on the dark web, especially if it contains valuable intellectual property or customer data. This can cause significant long-term problems for the organization in terms of lost competitiveness and reputational damage.
Finally, perhaps the biggest issue with paying a ransom is that it encourages future attacks. If the attackers know you pay, they often come back a second and even a third time, making it impossible to get ahead of the attacks.
This isn’t just bad for the cybersecurity sector as a whole – it also paints a big target on individual businesses. Some estimates suggest 80 percent of companies that pay a ransom will fall victim again. Of these repeat attacks, only around half are thought to come from the original hackers, highlighting how quickly news of weak and profitable targets spreads through the cybercriminal network.
The Impact on Ransomware Insurance
Some firms may reason that if they pay the ransom, they will be able to claim this against their cybersecurity insurance policy. However, this often leads to more problems.
Over the last few years, ransomware payments have skyrocketed, and ransomware insurance providers have responded with very strict policies. In order to mitigate their own losses, insurance carriers are tightening the limits on how much they’ll pay and under what circumstances.
Whether or not an insurance policy will pay can depend on a wide range of factors. Some insurers, such as AXA, have stopped paying out for ransomware altogether, while others are making their coverage terms much tighter, for instance by requiring firms to have comprehensive protections in place before they will cover them.