For my last bit on ransomware, I’m going to focus on what the criminals want you to do, which is to pay the ransom. In my previous post, I talked briefly about how paying a ransom could be seen as a business decision, such as choosing whether to pay a $16,000 ransom versus riding it out and paying maybe $50,000 in damages, or losing possible profit.
While some people definitely make decisions like this, I strongly recommend that you do not. If you fall victim to ransomware, don’t pay the ransom, no matter how low the price tag is. Whether you do get your data back or not, your organization still has a responsibility to protect your clients’ personal information. You are violating information security laws by falling prey to ransomware. But the files are still there, just locked. Why is this a data breach then? It’s still classified as a data breach because how do we know that the attacker who locked your data didn’t make a copy for themselves to sell to other criminals? Or what if they altered the data before returning it to you, and your incorrect records get you into trouble? It’s simply not worth it.
The second reason you shouldn’t pay a ransom is that you will be putting a giant red target on your back. By paying the ransom, you tell cybercriminals that you are an easy victim and they will come back again and again, just like the kid in school that would steal milk money from classmates that were sure just to give it up. This also tells cybercriminals that ransomware still works and because you pay, they will be encouraged to attack other organizations as well. Every dollar you give them is a vote for more of these attacks, which is terrible for our online community. Finally, the third reason is that paying ransoms is unethical. Where does the money you pay the attacker to go? A plausible answer is terrorist organizations. Criminal groups, terrorists, and even nations like North Korea use the money that they make from cybercrimes to fund their physical crimes, and they’re people that you don’t want to fund.
To wrap things up on this topic, when it comes to ransomware, the best thing you can do is restore data from a backup storage device, something your IT department should be using and testing daily. Never pay a ransom.