Ransomware Payment: To Pay, or Not to Pay? That Is the Question
When Colonial Pipeline was brought down by a group of hackers in 2021, the company was forced to shell out $4.4 million in ransom to restore their oil operations. In early July last year, REvil demanded $70 million in ransom, the highest ever. Despite federal and homeland security agencies dissuading companies from attempting to pay ransoms, the Veeam 2022 Ransomware Trends Report found that 76% of organizations admit to paying ransomware criminals, with one-third still unable to recover data.
In fact, remote work also opened the floodgates for cyberattacks that birthed the demand for ransoms in return, hinted experts. According to Reuters , up to 1,500 businesses were affected by ransomware attacks last year. Another report by the Institute for Security + Technology found that the total amount paid by ransomware victims increased by 311% in 2020, reaching nearly $350 million worth of cryptocurrency. It therefore begs the question – what happens when organizations are hit by a ransomware attack? Is paying ransom a good idea? What happens if companies pay ransom to restore data? How can companies prepare to safeguard from ransomware attacks? Here’s a peek at what security experts advise companies should do if hit by a demand for ransom:
There is no silver bullet when it comes to protecting against ransomware. A ransomware attack A prime example of this was the WannaCry virus attack in May 2017, where 200,000+ computers worldwide were infected due to a weakness in Windows SMB EnternalBlue, which allowed hackers to hijack computers running on an unpatched Microsoft Windows operating system. Users were asked to pay anywhere from 300-700 bitcoins to decrypt the data in 3 days. “ After encrypting data on infected computers, ransomware attackers often ask users to pay to decrypt the data and give them a set number of days before they have to pay or risk losing their data, ” Vishal Salvi, CISO and head of cybersecurity practice at Infosys, a global digital services and consulting corporation told Spiceworks.
