Ransomware attacks have been on the rise in recent years, with more and more businesses and individuals falling victim to this type of attack. For example, 2020 saw a 311% increase—compared to 2019—in the amount paid by cyberattack victims to their attackers.
Specifically, cyberattack victims paid almost $350 million worth of cryptocurrency to stop the cyberattack and retrieve their files. Cryptocurrency (e.g., bitcoin) has become the currency of choice for cyberattackers due to the fact that it is extremely difficult to trace, lessening the likelihood that they will get caught.
One of the most pressing questions asked by victims of a ransomware attack is: should they pay the ransom, or not? In this article, we’ll look at what ransomware is as well as examine the pros and cons of paying the ransom during a ransomware attack.
What Is Ransomware?
Ransomware is a type of malware that encrypts a victim’s files, making them inaccessible. The attacker then demands a ransom, usually in cryptocurrency, in order to release the files. These types of cyberattacks can be extremely disruptive and costly for businesses and individuals. That’s why it’s important to be aware of the risks and take steps to protect yourself.
There are three types of ransomware: encrypting ransomware, locker ransomware, and crypto ransomware.
-
Encrypting ransomware is the most common type and is used to encrypt files so that they can’t be opened.
-
Locker ransomware is used to lock users out of their computers.
-
Crypto ransomware is used to encrypt the victim’s entire hard drive.
Ransomware attacks usually start with a phishing email that contains a malicious link or attachment. When the victim clicks on the link or opens the attachment, the malware installs itself onto the computer and begins the process of replicating itself and spreading to all computers on that network.
Once the software executes, it encrypts all of the files and usually provides instructions on how much the attacker wants to send a decryption key, and instructions for payment. There is no guaranteed way to decrypt your files without paying.
Pros and Cons of Paying During a Ransomware Attack
Many CEOs would prefer to pay the “ask” during a ransomware attack, given they feel as if they have no choice. However, there are many more drawbacks to paying than there are advantages.
Pro: Lack of downtime.
If you pay the ransom as requested, immediately after the attack occurs, your business downtime could be negligible, perhaps only a few hours.
Con: Misplaced Trust
Most cyberscammers seem to abide by the maxim, “It’s morally wrong to allow a sucker to keep his money” (W. C. Fields). In other words, a lack of downtime will only be the case if you have an attacker who will keep their word and send you the correct decryption key once payment is received.
Unfortunately, it is far more likely that the attacker will take the money and run. If people are unscrupulous enough to launch a ransomware attack in the first place, you can’t count on them to keep a bargain either.
Pro: Potential financial savings.
It may be cheaper to pay the ransom than to rebuild your entire IT infrastructure and network.
Con: A fool and his money…
Like the government, we shouldn’t negotiate with terrorists. If you concede to the attacker’s demands, you may become identified on the dark web as an entity that does pay, which could open you up for more attacks. The attacker will share the story of their attack to other hackers, who may decide to duplicate those efforts.
The FBI also recommends NOT paying cyberattackers. As they say, “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
What Should You Do if You’re the Victim of a Ransomware Attack?
There are a few important things to keep in mind if you find yourself the victim of a ransomware attack.
First, do not panic. This can be difficult, as it can be a very frightening experience, but it is important to remain calm so that you can think clearly and act quickly.
Second, do not try to remove the ransomware yourself. This is very important, as attempting to do so can lead to further damage to your system and data. Instead, contact a professional, such as Socium Solutions, who can advise you on next steps and work toward safely removing the ransomware and retrieving your data.
Finally, make sure to back up your critical data regularly to a secure, cloud-based storage facility. This will help ensure that if you do find yourself the victim of a ransomware attack, you will not lose all of your important data.
Above all, however, prevention is key. As the popular saying goes, the best defense is a good offense. Educate your employees about ransomware frequently and engage in simulated phishing exercises to identify shortcomings in your preventative measures and training protocols. Ensure that all of your network software and cybersecurity protections are robust and kept up-to-date so that hackers can’t exploit any known vulnerabilities.
If you need assistance with any of the above, contact Socium Solutions. We will work with your business to ensure that you will not be seen as an easy target for anyone seeking to launch a ransomware attack.