<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=900254546818932&amp;ev=PageView&amp;noscript=1">
July 22, 2021 (877) 771-2384 sales@wheelhouseit.com Fort Lauderdale · New York · Los Angeles

Why Paying Ransomware Hackers Is a Bad Idea

Paula Candelario

Someone in your organization opens an unfamiliar email attachment. The next thing you know, you are locked out of your systems, and your business grinds to a halt. That is when the ransom message comes. “Pay us and you will get your data and system capabilities back. Ignore us and we’ll start deleting everything.”

Although it may be sorely tempting to pay the ransom and get back to business as usual, doing so may do more harm than good.

You Have No Guarantees

The first reason that you should not pay for a ransomware attack is that you have no guarantees regarding the outcome. What is stopping the cybercriminals from taking your money and not giving you anything back? Nothing. You will have lost time and money at that point.

Another possibility is that the criminals might suddenly ask for more money after giving you back some files. They know you are desperate, and they want to wring out as much money as possible before they cut ties. Again, you will lose time and money.

Even if everything goes to plan, you may not end up getting a positive outcome.

Censuswide polled 1,263 security professionals and discovered that paying the ransom could lead to highly negative results. The poll discovered that:

  • 80% of organizations that paid their ransomware attackers the ransom experienced a second attack
  • 46% believe that the same hackers were responsible
  • 46% of organizations that paid the ransom found that at least some of their data was corrupted
  • 51% of organizations did not experience data loss or corruption
  • 3% were not able to retrieve their data at all

It is better to start a recovery process rather than to become one of the aforementioned statistics by paying.

Paying Can Inspire Another Attack

As previously mentioned, a large number of organizations that paid the ransom were subjected to another attack.

We have all witnessed the movie trope where a government “doesn’t negotiate with hostile groups.” That approach is not macho nonsense, it is the most effective approach. By paying a ransom for stolen data or system access, you have shown the attackers three things:

  1. Your business has the money and willingness to pay for ransom attacks
  2. Your business is vulnerable to such attacks
  3. You will likely pay for future attacks

Withholding payment and not contacting the criminals is the best approach to take. Furthermore, if you do suffer an attack, then it’s time to consult your internal IT team or a third-party team to enhance your security for the future and stave off the next attack.

Instead, Enter Recovery Mode and Prepare

The best approach to a cybersecurity incident is to activate your contingency plans with your IT team and begin working to recover your information and systems from backups.

Moreover, it’s time to get your entire team together to talk about the security incident and how to prevent one from occurring in the future. The goal is not to embarrass the person that acted as the vector for the attack but to stop the next attack before it starts.

A day of downtime and a training session will set you back, but it will be far less costly in money and future security than paying a ransom.

Not every business has backups, a recovery process, and an IT team that can provide reactive training to its workers. Although you may believe that a small to medium-sized business is not at risk, the statistics show otherwise.

Fortunately, any business can consult a managed services provider like WheelHouse IT to get a security audit and start piecing together a security suite that will reduce your company’s risk of suffering a ransomware attack.

Start by calling (877) 771-2384 or emailing sales@wheelhouseit.com to get the ball rolling.

security, ransomware, network security

We’re Very Social!

CISA Security Alerts

New call-to-action