We’ve heard countless times of how a corporation or a university chose the quick-fix method of paying a ransom to crooks to get their data back. But in the process of doing so, they put themselves at great risk and more vulnerable in the future.
It’s like a never-ending vicious cycle. Picture this:
Governments across the world take on debt and find themselves unable to pay off in time. To tackle this situation, they take on more debt to pay back their previous debts, hence only adding to the problem.
If you are taking on more debt just to pay your previous loans, it is a debt trap, or as we’d like to call it a death trap! Oh, we forgot to mention those interest payments are mounting up to be more than the initially borrowed principal amounts, ouch!
There is no difference between a debt trap and a ransomware payment. The more companies decide on paying ransom amounts, and getting their data back in a short amount of time, the more these hackers will stage these attacks, demanding even higher ransom payments. Again, it’s a never-ending vicious cycle.
Today, we’re discussing why paying a ransom in a ransomware incident is the quickest and simplest fix, but one that ignores long-term problems.
Despite repeated warnings from cybersecurity companies, the FBI and several law enforcement authorities globally, cyber insurance companies continue to be a part of ransomware victims paying extortion money to criminals.
An organization can require a lot of time, effort and money to restore their files from backups, and want to be up and running in the shortest amount of time possible. Here are some of the reasons why paying out without professional help isn’t a good idea:
1. You become a repeat target
The moment you pay, you are indirectly inviting criminals for “another party” at some time in the future. It isn’t much different from a debt trap!
You are helping the underground economy grow at an unprecedented scale when paying ransom demands, especially when there is not a professional team involved with minimizing the ransom demand.
Once you are hit with ransomware, criminals won’t take much time to discern from a look at your data whether or not you’ve got cyber insurance. And if you do, boy you are in for a lot of trouble.
2. You may be violating US Treasury Department’s advisory
On 1st of October, 2022, the US Department of Treasury issued a warning to ransomware victims and all companies involved in processing ransom payments for restoration of data.
What was the warning?
If you pay ransom, or get help from a company to become a mediator in the process of doing so, you can be sanctioned and heavily fined under civil penalties.
The treasury and OFAC maintains a list of SDNs or Specially Designated Nationals and companies that have been restricted from doing business with any party within US Jurisdiction which is many times extra-territorial.
3. You might be causing the cost of cyber insurance premiums to rise
Whenever a ransomware victim files a cyber insurance claim, their provider often suggests to facilitate, and negotiate in paying the ransom money.
Because it is often the cheapest mode of recovery. Insurance firms want the problem fixed at the lowest cost possible and they would like to see their clients survive ransomware attacks. We can not blame insurance companies for wanting the best for their clients.
In the long run, cyber insurance companies may raise their premiums to compensate for ransomware payments down the road and the increase in risk that must be accounted for in providing insurance. Debt trap, isn’t it?
4. You may never receive the decryption key at all
While many ransomware victims receive the decryption key after making payments, some never get to hear back from the criminals. This goes on to show why making a payment does not come with a 100% guarantee of receiving a decryption key.
We know how important it is to get back up and running. We also understand your business is severely hampered by a ransomware attack. But paying ransom is never a permanent solution, rather a quick fix.
Always have backups, and no matter how much time it takes, ensure you recover files from backed up data. Do not pay these hackers unless absolutely necessary to prevent business closure and loss of employment.
If you must consider the payment of a ransom demand, it is highly advisable that a professional incident response team such as BeforeCrypt be brought on to handle the situation in a controlled fashion, while providing reporting and security advice to prevent future ransomware attacks and breaches from occurring.
As a cybersecurity company, we understand the need of getting back up on your feet in the shortest time possible is critical for your business. While we understand that paying ransom is not the solution, for many companies, it is the only option. Given the time and effort it takes to restore data, and remain offline, many companies choose to pay the extortion amount.
We realize that sometimes paying ransom is the only option, but everytime you pay, you are making yourself an easy target. While paying ransom is the quickest fix, it absolutely isn’t a long-term solution.
Instead, it’s important you do the following:
- Train employees on cybersecurity
- Rope in a cybersecurity company for a complete data recovery plan
- Do not open any suspicious-looking emails or attachments
- Make regular backup copies of your data
- Leverage the powerful features of the cloud
BeforeCrypt is a leading German-based ransomware data recovery company providing cybersecurity consultancy services to small businesses and Fortune 500 companies worldwide. We know the importance of data and will help you every step of the way to harden your network, and get the most out of a comprehensive cybersecurity plan.