Ransomware is now identified as a national security risk and companies are paying up – meatpacker JBS says it paid hackers $11 million to resolve its recent ransomware attack. Worse yet, double extortion ransomware attacks are becoming a more common scare tactic used by hackers.
This raises the question – to pay or not to pay the ransom? The truth is there’s no easy answer, especially when a new study shows that “80% of organizations that paid the ransom were hit by a second attack, and almost half were hit by the same threat group.”
To help determine your ransomware response, you must understand how attackers are leveraging a new tactic, Double Extortion. Here are some thoughts from our resident expert Stephen Jones.
What Are Double Extortion Ransomware Attacks?
Double extortion is when a hacker both steals a copy of your data and either deletes or encrypts the local copy. The criminal asks the business or individual to pay to unlock the local copy and then pay again to ensure that the stolen information is not leaked, dumped, or shared.
The Pros of Paying after a Ransomware Attack
The most obvious advantage of paying the ransom is that it’s possible the hacker will do what they’ve promised. You may get access to your data relatively quickly, allowing you to rebuild your network without having to start from scratch. This option may ultimately be more affordable than having to go back to the drawing board.
Paying the ransom may also appease the criminal, which can be a valuable thing if they already have a foothold in your environment. If you refuse to pay, the hacker may choose to wreak havoc with your business or data in more ways than one.
The Cons of Paying after a Ransomware Attack
If you pay the ransom, you are essentially putting your trust in a known thief. That explains why the statistics for getting your information back are not encouraging by any stretch. Many criminals will simply pocket the money and cut contact entirely. They might even go on to sabotage your network after receiving the payment.
Those who pay also mark themselves as willing to pay, which can make them a bigger target down the road. Larger criminal organizations are known to sell information about their payouts to smaller criminals who are even less likely to play by the rules. Businesses and individuals who pay the ransom are also funding a criminal organization, making the thieves far more likely to continue stealing from other people.
In addition, the data you get back is not always usable. The Colonial Pipeline team may have paid the ransom, but the decryption tool they received in return was so slow and clunky that they needed to rebuild their network from scratch anyway. Even once your information is returned, it’s going to take quite some time to organize, verify, and catalog it all.
Deciding whether to pay after a ransomware attack is a gamble on either side of the equation. You may save plenty of money if you choose not to pay, but the eventual costs for your business to rebuild or the costs of a malicious Easter egg or two can be catastrophic for a company. It’s ultimately a difficult decision, one that should be made based on everything from the individual hacker involved to the number of hours needed to recover your network.
Ready to Get Protected?
Dataprise Managed Cyber provides the real-time detection, validation, reporting and response capabilities needed to protect an organization’s IT environment end to end. We expertly combine world-class MDR with an elite team of security analysts and a complete cybersecurity program to increase visibility, shut down bad actors quickly and dramatically improve your security posture.
Want to Learn More?
Check out these articles and our Cyber Guidebook.
5 Dos and Don’ts if You’ve Been Hit with Ransomware
The 10 Weakest Links in Cybersecurity
The Three Critical Elements of Cybersecurity Visibility