For my last bit on ransomware, I’m going to focus on what the criminals want you to do, which is to pay the ransom.
In my previous post, I talked briefly about how paying a ransom could be seen as a business decision, such as choosing whether to pay a $16,000 ransom versus paying maybe $100,000 in costs while losing profitable revenue as you recover. In fact, your insurance company may push you to pay the ransom.
While some people decide to pay, I strongly recommend that you do not. If you fall victim to ransomware, don’t pay the ransom, no matter how low the price tag is. Whether you get your data back or not, your organization still has a responsibility to protect your clients’ and employees’ personal information.
Remember: a ransomware attack is a data breach. The files may still be there, just encrypted, so why does this count as a breach? It is classified as a data breach because you have no way of knowing that the attacker who locked your data didn’t also make a copy to sell to other criminals. Nor can you rule out that they altered the data before returning it to you, leaving you with incorrect records that cause more trouble later. It’s simply not worth it.
The second reason you shouldn’t pay a ransom is that you will be putting a giant red target on your back. By paying the ransom, you tell cybercriminals that you are an easy victim, and they will come back again and again, just like the kid in school who would steal milk money from the classmates who were sure to hand it over.
Paying also tells cybercriminals that ransomware still works, and because you paid, they will be encouraged to attack other organizations as well. Every dollar you give them is a vote for more of these attacks, which is terrible for our online community.
Finally, the third reason is that paying ransoms is unethical and illegal. Where does the money you pay the attacker go? A plausible answer is terrorist organizations. Criminal groups, terrorists, and even nations like North Korea use the money they make from cybercrime to fund more crimes and nuclear weapons programs. These are not people you want to fund.
To wrap things up on this topic: when it comes to ransomware, the best thing you can do is restore your data from a backup storage device, something your IT department should already be using and testing daily. Never pay a ransom.