Last year, 68% of organizations in the US admitted to paying a ransom after experiencing a ransomware attack. It’s estimated that the average payout of a ransomware attack in 2020 was $312,493, a 171% increase from the year prior, with $30 million being the highest ransomware demand. As 2021 progresses, an impressive $40 million has already reportedly been paid by CNA Financial to restore access to its network after a ransomware attack.
“Recently, ransomware has become the greatest cyber threat to organizations. It keeps spreading and targeting various businesses, from hospitals to oil pipelines, to capitalize on the fear of operation disruption and data loss,” says Oliver Noble, a cybersecurity expert at NordLocker, an encryption-based data protection solution. “To pay or not to pay a ransom is the hardest question companies struck by cyber extortion must answer as they face the prospect of permanently losing access to their information.”
How ransomware works
Ransomware usually hits organizations that need access to time-sensitive data, for example hospitals and municipal agencies. Hackers run a virus to breach a company’s system so that they can take control of it and lock employees or customers out, preventing them from using it. In most cases, a ransom note is left by the virus, and, for many businesses, production is brought to a standstill. The company is then extorted to pay money to have its access to the information restored. If the organization fails to pay, the attackers threaten to destroy its data or expose it publicly.
What happens if you decide to pay?
It is generally advised not to give in to ransomware demands, as such payments fund cybercriminals and encourage them to carry on their profitable attacks. However, paying a ransom is often the fastest and least expensive way to recover. Moreover, you might not be sure how badly the attack has breached your systems or how long it might take to bring the business back up and running, so many businesses decide to meet the hackers’ demands.
Usually, companies bring in third-party incident responders or cyber insurance firms to help negotiate with the hackers. The response team also brings in digital forensics specialists, PR and lawyers. Often, the attackers provide a sample set of decrypted files to prove they can decrypt what is held hostage. In almost all known cases, ransoms are demanded in cryptocurrency, namely Bitcoin. After the payment lands in the designated cryptocurrency wallet, the hackers provide the victim with a decryption key and technical support, allowing them to regain access to the network and data.
“Companies that agree to pay a ransom shouldn’t be victim-blamed as they surely went through a big moral dilemma, and surrendering to threat actors must have been the last resort to restore their business and protect their clients’ reputation,” says Oliver Noble.
What happens if you refuse to pay?
Unfortunately, paying the cybercriminals off doesn’t guarantee that you will get back what has been taken. There is also no guarantee your business won’t be attacked again. And perhaps the most worrying fact is that your data might still be shared publicly. Refusing to pay sends the attackers the message that the business will not encourage cybercrime by making it profitable.
“After a ransomware attack hits your business, contact a team of experts to help you figure out what happened and what happens next,” Oliver Noble suggests. “Answering the following questions might help you see the bigger picture: Do I keep the data backed up elsewhere? Can I rebuild this network or database from scratch? What happens if the stolen data gets leaked to the public? Will my company be out of business if I don’t pay?”
What can make your business more resilient against ransomware?
It’s almost impossible to predict how a ransomware attack might play out, but you can always evaluate your preparedness by following some cybersecurity procedures.
- Ensure your company uses an antivirus and a firewall on every device and network it owns. The duo makes it more difficult for viruses to infect your system. A robust antivirus also helps prevent your staff from accidentally downloading malware.
- Update your company’s software and operating system periodically. Updates usually include critical fixes that repair known vulnerabilities and security flaws that cybercriminals might have already exploited to target others.
- Train your staff to recognize phishing email scams. Don’t let hackers into your systems just because an employee clicked a suspicious link in an email or downloaded a malicious attachment carrying hidden ransomware.
- Maintain periodic, secure data backups to limit the damage from any ransomware attack. A regularly updated and secured backup ensures you can still reach your data if hackers lock you out of your network.
- Start encrypting the information your company handles. According to the expert at NordLocker, if your business uses file encryption tools, then even if hackers manage to obtain your files and folders, they won’t be able to access the content. The best way to keep your corporate information safe is to encrypt it and back it up in the cloud, so cyber thieves can’t threaten you with wiping it or exposing it publicly.
- If you suffer a ransomware attack, inform the authorities and cooperate fully. Contact reliable experts to identify the root cause and secure your network against future attacks.
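The two measures that do the most work in the list above, keeping a secured backup and encrypting files before they leave your control, are shown together in the following added example. It is not code from this article or from NordLocker: the AES-256-GCM construction, the in-memory sample file, the fixed demo key and the function names are all assumptions made here. It goes a little beyond the text by adding a restore drill (the backup is decrypted and compared byte-for-byte against a hash recorded at backup time) and by showing that a stored copy altered by even one byte is refused on restore instead of being handed back silently corrupted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// BackupRecord is what gets uploaded off-site: sealed content (nonce prepended) plus a
// SHA-256 of the plaintext, so a restore drill can prove the copy is intact.
type BackupRecord struct {
	Ciphertext    []byte // nonce || AES-GCM ciphertext and tag
	PlaintextHash string // hex SHA-256 of the original file content
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForBackup seals plaintext with AES-256-GCM. The result can be handed to a
// storage provider: without the key it reveals nothing, and edits are detected on restore.
func EncryptForBackup(key, plaintext []byte) (BackupRecord, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return BackupRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return BackupRecord{}, err
	}
	sum := sha256.Sum256(plaintext)
	sealed := gcm.Seal(nil, nonce, plaintext, nil)
	return BackupRecord{
		Ciphertext:    append(nonce, sealed...),
		PlaintextHash: hex.EncodeToString(sum[:]),
	}, nil
}

// RestoreFromBackup decrypts a record and checks the result against the hash taken at
// backup time. It fails closed: tampering, a wrong key or a hash mismatch all error.
func RestoreFromBackup(key []byte, rec BackupRecord) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(rec.Ciphertext) < ns+gcm.Overhead() {
		return nil, errors.New("stored copy too short to be a valid backup")
	}
	plaintext, err := gcm.Open(nil, rec.Ciphertext[:ns], rec.Ciphertext[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("backup rejected (tampered or wrong key): %w", err)
	}
	sum := sha256.Sum256(plaintext)
	if hex.EncodeToString(sum[:]) != rec.PlaintextHash {
		return nil, errors.New("restored content does not match recorded hash")
	}
	return plaintext, nil
}

// RestoreDrill is the check a backup policy should schedule: back the file up, restore
// it and confirm the round trip is byte-exact, so "we have backups" means "we can restore".
func RestoreDrill(key, original []byte) (bool, error) {
	rec, err := EncryptForBackup(key, original)
	if err != nil {
		return false, err
	}
	restored, err := RestoreFromBackup(key, rec)
	if err != nil {
		return false, err
	}
	return bytes.Equal(restored, original), nil
}

func main() {
	// Constructed sample: a throwaway key and a fake export. In production the key lives
	// in a KMS or HSM, never beside the backup copies it protects.
	key := bytes.Repeat([]byte{0x42}, 32)
	file := []byte("employee,salary\nalice,100000\nbob,95000\n")
	ok, err := RestoreDrill(key, file)
	fmt.Println("restore drill passed:", ok, err)

	// Flip one byte of the stored copy, as malware or bit rot might: restore must refuse.
	rec, _ := EncryptForBackup(key, file)
	rec.Ciphertext[len(rec.Ciphertext)-1] ^= 0x01
	_, err = RestoreFromBackup(key, rec)
	fmt.Println("tampered copy rejected:", err != nil)
}
```

The design point is that the copy sitting in cloud storage is useless to anyone who takes it (so an exfiltrated backup is not leverage for a leak threat), while the hash recorded alongside it turns "we back up regularly" into a claim you can verify on a schedule rather than discover to be false during an incident.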