Ransomware attack: to pay or not to pay?

When you're under a ransomware attack, you have two choices. To pay, or not to pay? In this scenario, both choices come with some serious consequences.

Whether it's a thief who wants a taste of our wealth or an enemy paying goons to threaten the daylights out of us, security threats have always stolen our sleep. Or should we say they kept us awake?

From locking doors (and checking twice) to storing valuables in safety deposit boxes—we find ways to safeguard things we don't want to lose.

But why are we careless when it comes to cybersecurity? 

When humans embraced the digital revolution, our friendly neighborhood thieves did not retire. 

With the luxury of the internet came data breaches. With the convenience of soft copies came information leaks. And with passwords like "password," hackers didn't need a day job anymore.

Cyberattacks continue to infiltrate businesses and government systems. Over time, these types of attacks have evolved.

What is a ransomware attack?

Ransomware is a form of malware that restricts access to the victim's files. The attackers demand a ransom in exchange for access while threatening to leak or corrupt the data.

So what's the big deal?

Here are some stats for perspective:

According to Cybersecurity Ventures, the global cost of ransomware attacks in 2015 was $325 million. 

By 2017, it amounted to $5 billion. 

In 2021, *drum rolls*, the world paid a whopping $20 billion. That's almost 50% of Elon Musk's bid to buy Twitter.

Moreover, ransomware attacks are expected to target businesses, consumers, and devices every two seconds by 2031, up from every 11 seconds in 2021.

The upward trend only means that attackers are evolving. Another prominent contributor is Ransomware-as-a-Service (RaaS). The dark web is getting darker every day!

Apple's ransomware attack

When Tim Cook announced multiple new products at a virtual event, REvil – a ransomware group – released a blog post claiming to have stolen blueprints for Apple's latest products.

REvil supposedly stole data from Quanta Computer, the largest laptop manufacturer on the planet (and one of the companies that assemble Apple products).

REvil demanded a $50 million ransom for the decryption key. Although Apple did not pay, when the new products reached the market, they matched the schematic diagram leaked by the hacker group in their blog.

To pay or not to pay?

Often, ransomware aims to spread and gain access to entire systems. Hence, victims face an alarming dilemma: to pay or not to pay?

The answer is not that easy. It lies in a grey area between the two extremes.

What has been compromised?

The answer to this question depends significantly on the industry. 

For example, manufacturers could lose access to control systems. As such, a ransomware attack can derail production schedules and have a severe effect on contractual obligations.

Compromised healthcare data can put lives at risk. 

Governments and banks have to think about possible leaks of personally identifiable information (PII) and other sensitive data.

In some cases, companies also choose not to pay when the data they would get back is useless, or is information that won't hurt anyone.

What's the cost of potential downtime?

Depending on the severity, cyberattacks can paralyze business operations. 

Sales interruptions will affect revenue. Recovery can and will take time. 

How much time? Is it cheaper to recover data compared to paying the ransom? Will cyber insurance, if any, share the burden?

When you're done with all this, will you have customers willing to continue doing business? Reputation is hard to gain and harder to regain!

Compliance and regulatory violations?

Paying the ransom may not sit well with your legal system. Without a proper crisis management plan, companies can become liable to authorities.

Although many companies don't like to disclose a security event, most countries, by law, will require you to inform all those affected by a cyberattack. So know your law!

A one-time occurrence?

There is no guarantee that a second attack or double extortion isn't on the cards. Mind you – we are dealing with cybercriminals. If they were morally rich, they wouldn't have attacked your business in the first place.

That's exactly why, as they say, prevention is better than the cure. 

Steps to mitigate the risk of ransomware attacks include:

  • Regularly maintain and test encrypted offline data backups. The keyword here is "offline." 
  • Be ready with a data breach response plan. Always anticipate a cyber incident. 
  • Train employees and prioritize cybersecurity awareness.
  • Make sure your security software and signatures are up to date. Regulate this practice in your organization.
  • Implement security audits, regular penetration testing, and cloud security testing on your infrastructure and third-party service providers. Everyone is in the game!
  • Enforce just-in-time access. This way, you minimize always-on privileges that attackers can exploit.
  • Monitor file system activity to identify unusual activity. In case of a ransomware attack, such a system will ensure a forensic advantage in the recovery and remedial phase.
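
The file system monitoring in the last bullet, as an added example that is not part of the original article: it flags any process that changes many distinct files within a short window and keeps the list of files that process touched, which is what scopes recovery afterwards. The event format, process names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
THRESHOLD = 5         # assumed number of distinct files changed per window that counts as a burst
WATCHED_OPS = {"write", "rename", "delete"}

def find_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """events: iterable of (timestamp_seconds, process, operation, path).
    Returns {process: {"first_seen": t, "files": [...]}} for every process
    that changed `threshold` or more distinct files inside one window."""
    recent = defaultdict(deque)    # process -> (time, path) pairs still inside the window
    touched = defaultdict(list)    # process -> every path it changed, in time order
    alerts = {}
    for ts, process, op, path in sorted(events):
        if op not in WATCHED_OPS:
            continue               # reads do not modify data
        touched[process].append(path)
        q = recent[process]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()            # drop events older than the window
        if process not in alerts and len({p for _, p in q}) >= threshold:
            # "files" is the live list, so it also collects changes made after the alert
            alerts[process] = {"first_seen": q[0][0], "files": touched[process]}
    return alerts

# Constructed sample events (not real telemetry)
SAMPLE_EVENTS = (
    [(0, "editor", "write", "/home/a/notes.txt"),
     (20, "backup-agent", "read", "/home/a/notes.txt"),
     (30, "editor", "write", "/home/a/notes.txt")]
    # slow, legitimate activity: one file per minute
    + [(i * 60, "sync-client", "write", f"/home/a/photo{i}.jpg") for i in range(5)]
    # burst: six renames in six seconds by one process
    + [(100 + i, "proc-4711", "rename", f"/srv/share/doc{i}.docx") for i in range(6)]
)

if __name__ == "__main__":
    for proc, info in find_bursts(SAMPLE_EVENTS).items():
        print(proc, "burst began at t =", info["first_seen"], "files:", len(info["files"]))
```
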
