Security

6 Reasons to Not Pay the Ransom in a Ransomware Attack

July 5, 2023

10 min read

Dale Shulmistra

Data Protection Specialist @ Invenio IT

6 Reasons to Not Pay the Ransom in a Ransomware Attack

by Dale ShulmistraJul 5, 2023Security

One of the greatest threats facing businesses today is the risk of a ransomware attack. By encrypting data, hackers effectively lock companies out of their computer systems, bringing operations to a halt and in some cases forcing businesses to shutter their doors permanently.

Given these high stakes, it’s no surprise that many businesses are forced to consider giving hackers what they want: a ransom payment to decrypt the data. But should they?

In most cases, the answer is no.

Businesses should avoid paying the ransom unless they have no other viable options for survival. In this post, we explore the reasons why.

Should You Pay the Ransom? The FBI Says ‘No’

It’s never a good idea to give in to a cyber criminal’s demands. For one thing, the United States government, and more specifically the FBI, advises that companies do not pay the ransom to hackers. Ransomware attacks are a serious crime, and the act of paying the bad actors just encourages their criminal behavior to continue. We’ll have more to say on that below, but the point here is that law enforcement agencies are very clear that businesses should not pay.

The FBI warns, “The United States Government (USG) does not encourage paying a ransom to criminal actors” and doing so comes with “serious risks.” Among other things, the FBI writes, “Paying the ransom doesn’t guarantee an organization will get their data back. We have seen cases where organizations never got the decryption key after having paid the ransom.” That’s just money down the drain that most companies will never recover (along with their data if they don’t have backups).

Let’s explore this point a bit further, along with other key reasons why the FBI and cybersecurity experts warn against paying the ransom.

Reason #1: There’s No Guarantee You’ll Get the Data Back

We can’t stress this enough: paying the ransom is a gamble, not a guarantee. Hackers are under no obligation to do anything when you pay the ransom. And since payments are made anonymously via cryptocurrency transactions, they can easily just take your money and run.

For businesses, this only adds insult to injury. The hackers clearly win, and the business suffers the embarrassment of having paid up and received nothing in return.

No industry is immune to these risks. All organizations face the threat of ransomware, including healthcare, manufacturing, construction, retail, real estate, hospitality, education and financial institutions. All of them face the same risk of tossing their money down the drain when they pay the ransom.

Case in point: They paid up, and hackers took off.

A staggering 92% of companies that pay the ransom do not get all of their data back, even with a decryption key, according to research by Sophos Cybersecurity. That’s what happened to an undisclosed company in 2021 after being hit by ransomware. A ransomware group known as BlackMatter used a phishing email to deceive a single employee at the company and then fully infiltrated the company’s systems, installing hacking tools across the network. In addition to locking up the company’s sensitive data, attackers threatened to release it publicly if the company didn’t pay up. The company gave in to the demands and paid the ransom – but it didn’t matter. Attackers leaked the data anyway, and the company was forced to restore some of its data from backups.

Reason #2: When You Pay the Ransom, It Only Encourages the Criminals to Launch More Attacks

When you pay a hacker a ransom during a ransomware attack, it just funds their operations and encourages them to continue their criminal actions and behaviors on other companies. You are basically just funding cyber terrorism when you give in to their demands.

Hacking groups can take that money to develop even more advanced methods of using malware to infiltrate vulnerable businesses of all sizes. So by paying the ransom, you only make ransomware worse.

On the flipside, the more obstacles that hackers face in their criminal activities, the chances of them being able to continue to hurt other companies goes down.

Case in point: ransomware is big business.

For sophisticated attackers, ransomware is a reliable way to (illicitly) generate revenue and avoid detection – precisely because so many companies pay the ransom, typically via untraceable crypto payments. Prior to 2020, there were 4 major ransomware groups that were responsible for the majority of attacks around the world. This number ballooned to more than 20 groups within the last 3 years. As of 2023, LockBit was the biggest ransomware group, responsible for an estimated 40% of all attacks. The group rakes in an estimated $91 million in ransom payouts a year from U.S. victims alone, according to figures from Bitdefender.

Reason #3: Your Company Might Be Sanctioned When They Pay the Ransom

As cyberattacks ramped up during the COVID-19 pandemic, the U.S. Treasury issued a statement that warned of the risk of sanctions for paying out ransoms to hackers. In essence, the new guidance made the act of paying the ransom illegal, in theory.

Keep in mind that the people behind ransomware aren’t just individual hackers launching attacks from their basements or coffeeshops around the world. In many cases, they’re foreign nation-states, terrorist groups or other adversaries of the United States. So by paying their ransom demands, you are effectively supporting those adversaries.

The legality of the whole situation is a bit unclear at the moment, but the last thing you want is a large monetary penalty to have to pay to the courts, on top of already paying out a big ransom to the cyber criminals.

Case in point: Feds are going after ransom facilitators, for now

According to some estimates, as much as 15% of ransomware payments involve a U.S.-sanctioned entity. However, the government doesn’t seem to be going after the victims who are forced pay these ransoms – at least not yet. Since the U.S. Treasury announced its threat of sanctions in 2020, we have not heard of any companies being slapped on the wrist for negotiating with their attackers, regardless of whether those attackers are connected with sanctioned groups. But the Feds are going after some facilitators of these payments. In 2021, the Office of Foreign Assets Control (OFAC) sanctioned Chatex, a Russian-operated virtual currency exchange, and a connected entity, Suex, for facilitating payments to ransomware groups. As part of this announcement, the government emphasized that all “companies are encouraged to report all ransomware incidents to law enforcement, as well as any payments with a potential sanctions nexus to OFAC.”

Reason #4: You’ll Be Targeted Again

When you pay the ransom, this puts another target on your back. By paying, you’re telling the hackers. “You win. Your attack worked. We’re willing to pay.” Naturally, this makes your business more likely to be the victim of a second attack.

Plus, if a second attack does occur, the odds are that the hackers will ask for a higher sum of money the next time. Look at it this way, if you feed birds at the beach, they are going to expect food and keep coming back to bother you again and again. You’ll never eat in peace at the beach because the birds expect people to feed them food. It’s a similar thing with hackers. If they know a company is going to pay up, they will continue to launch their attacks against them for the reward of additional ransom payments.

Finally, keep in mind it may not even be the same group to attack the company more than once. Hackers may sell information about the company to other groups. Or, the mere publicity of a successful attack can make the business a target with other hackers.

Case in point: 80% of companies are attacked a 2nd time

A 2022 study by Cybereason found that 80% of companies that paid a ransom were hit again at a later time. Among those, 40% paid up a second time, with 70% of those companies paying a higher amount than in the first attack. The UK’s National Cyber Security Centre recently alluded to one unnamed company that suffered such a repeat attack. The company paid their attackers nearly £6.5million (more than $8 million USD) and successfully received the decryption keys to restore their data. But oddly, they never filled the security gaps that led to the attack. Two weeks later, they were attacked again – by the same attacker – and were forced to pay up a second time.

Reason #5: The Hacker May Simply Increase the Demand

In a statement about previous attacks and the risks of paying the ransom, the FBI writes, “After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key.”

When the hacker states the ransom payment they want, and you immediately pay it, what’s to stop them from simply upping the demand after that initial demand is met? There isn’t any guarantee that they will just want one simple payment.

It’s worth reiterating that you should not expect shady cybercriminals who disrupt your business to have any kind of moral compass. When you pay them, you are just falling into the hole of sending them more and more money, without getting your data back in return. The less you give in to them, the better.

Case in point: 1 in 3 victims are asked to pay more

Researchers at Proofpoint found that a third of ransomware victims that paid a ransom were forced to pay an additional ransom payment before receiving their decryption key. When Kansas Heart Hospital was infected with ransomware, disabling some of its most critical systems, administrators decided that the fastest way to recover was to pay the attackers. So they paid up. But the attackers did not release their data. Instead, they asked for more money. While ransomware hackers are sometimes willing to negotiate a lower payment with their victims, other attackers use the initial payment as bait. When companies pay up, it’s a sign that they have no other options, so the attackers ask for more before handing over the decryption key.

Reason #6: Your Cyber Insurance Rates Could Go Up

With the rise of ransomware over the past few years, businesses have begun seeking insurance policies that help to cover the costs of an attack, including ransom payments made to attackers. But once again, paying that ransom, even if it’s via an insurance company, can have consequences.

In addition to the risks outlined above, if you have cyber insurance that is used to pay the ransom demand for you, it’s likely that your insurance rates will go up. The insurance company is covering your business for what they call “cyber extortion” under the umbrella of a cyber liability policy. While it’s a smart move to have this type of insurance “just in case,” you should still think twice before you negotiate with your attackers at all.

Case in point: Premiums up by 50% in one year

For auto insurance, it’s well known that premiums can increase significantly after you have a car accident. The same is true for cyber insurance. One analysis found that 74% of victims that paid a ransom saw a rise in their premiums. But also, premiums can skyrocket even if you haven’t experienced an attack at all. Industry-wide, the costs of cyber insurance have been increasing by as much as 50% per year, due to rising ransomware demands across the globe. Additionally, keep in mind that ransom payments account for as little as 15% of the overall cost of a ransomware attack, according to some estimates. Operational disruptions and prolonged recoveries can be staggeringly expensive. As ransomware continues to wreak havoc on businesses, the costs to insure against these attacks will only continue to increase.

When You Have No Choice But to Pay

We understand that there are some cases where a company feels it has no other option but to go ahead and pay the ransom to the attacker. And the FBI also delicately acknowledges that the question of “whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers.”

If, for example, a company has no other way to operate with time-sensitive business functioning, it might be in its best interest to take the gamble of paying the ransom. This is especially true for healthcare organizations, whose operations can literally mean the difference between life and death. Such organizations need their data back to function correctly or they run the risk of shutting down permanently.

In these circumstances, you can see why companies may be willing to pay the ransom, even if there’s no guarantee.

But still, this is typically an absolute last resort. And with the right data backup systems in place, businesses may never have to face that decision in the first place.

Make Sure Your Company has a Comprehensive Data Backup Plan

One of the reasons most companies pay the ransom is that they don’t have reliable data backups that can be restored fast enough (if at all).

When the hackers infiltrate your company with ransomware, that important data might be gone forever if you don’t have data backups.

Data backups can restore the data back to a clean slate after a malicious attack. By rolling back to a recovery point from before the infection occurred, you restore your data back to normal and also remove the infection itself. This also eliminates the question of having to pay the ransom.

The type of data backup system you deploy is important. The Datto SIRIS is an all-in-one business continuity and disaster solution that provides dependable protection against ransomware and other data-loss events. In addition to providing fast backups and numerous restore methods, accessible both locally and in the cloud, the Datto SIRIS has built-in ransomware protection to detect early signs of an infection.

By being able to rapidly restore data from backups, you effectively stop an attack in its tracks and never have to face the difficult decision of paying your attackers.

Frequently Asked Questions (FAQ)

1) Does paying the ransom for ransomware work?

In a ransomware attack, paying the ransom does not guarantee that attackers will provide the decryption key. Even with the key, most organizations are unable to recover all their data with decryption alone. In one study, as much as 92% of companies failed to restore all their data even after paying the ransom.

2) What is the current average ransomware payout?

As of 2023, the average ransomware payout exceeded $1.5 million, according to a survey of 3,000 senior IT and cybersecurity professionals. More than 25% of the companies that paid a ransom were forced to pay between $1 million to $5 million.

3) How many ransomware victims pay the ransom?

About 41% of ransomware victims decide to pay the ransom, according to data from Coveware. This figure dropped from 50% the year prior, signifying that more businesses are implementing stronger disaster recovery solutions that remove the risk of paying the ransom.

Conclusion

Deciding whether to pay the ransom in a ransomware attack can be difficult for a business, especially when there are few other viable options. As a rule of thumb, companies should not pay the ransom unless they have exhausted all other options. Instead, businesses are encouraged to implement aggressive preventative measures, as well as robust data backup systems that can rapidly restore systems and eliminate the need to negotiate with attackers at all.

Get a Free Demo

Learn more about protecting your organization from a ransomware attack with BC/DR solutions from Datto. Request a free demo or speak to our business continuity experts at Invenio IT today. Call (646) 395-1170 or email success@invenioIT.com.

I have been working with Invenio for the past 6 years and on a consistent basis I found there support to be outstanding. The primary support representative, Dale S., goes out of his way to ensure his services are beyond my expectation.

Curtis Hill

13:52 04 Oct 22

Great Support staff all around. The system works as described. I've successfully restored a server that was blue screened by updated onboard application incompatibility.

Jeffrey Mondi

15:55 07 Jun 22

We have been working with Invenio IT for about 7 years now. They support of Datto backup system and their support is nothing but the best. They have been great helping set everything up and since then, we just monitor the backups and really have nothing to do as it has been running flawlessly. We an rare issue do occur, I can contact Dale at anytime (I mean anytime, he had answer the phone like 2 am) and he will help in anything I need, whether to spin up a virtual server when one of our production server goes down or we get an error on one of the backups and he looks into it and either resolve it or give us the solution to resolve it. Also, when we needed to upgrade our Datto system, they really go out of their way to give you the best deal which should have cost us a lot but Dale came through and we have been backing up flawlessly. Overall, Invenio IT has great support and always there when you need them. I will recommend them to anyone and I will take them anywhere I go. Thank you Invenio IT, especially to Dale Shulmistra!

Andre Glenn

15:24 03 Jun 22

Invenio IT has been very supportive and a long time vendor. They have supported our backup and recovery needs as well as provide top tier technical service whenever needed. Highly recommend!

Kevin Schnupp

16:24 02 Jun 22

Always goes above and beyond to ensure a great result. Quick responses and work completed on time and accurately. We have used Invenio IT and their Datto service numerous times to bail out customers. They always make us looking amazing and save the customer a lot of heartache. Can't ask for more!

Rajev S

19:32 01 Jun 22

I purchased my Datto backup appliance from Invenio IT (Dale Shulmistra) the best customer service rep. I've had in a while. He will go out of his way to help you in any way he can. Truly a five star!!

George Rodriguez

15:18 01 Jun 22

We've had Datto service with Invenio IT since 2015. While it's rare that we have issues, every time I need Dale's help he get's things done. It's really nice to have reliable service and one less thing to worry about these days. I would highly recommend Dale and Invenio IT.

Jimmy Rabitsch

14:20 01 Jun 22

We have been working with Invenio IT for over 3 years now. They have provided superior customer service and are very responsive. We work directly with Dale who is a pleasure to work with.

Anosh Zaveri

14:09 01 Jun 22

Invenio IT has been an exceptional business & technology partner for our company for many years. They have the best-in-class service (sales & support) and a knowledgeable teams on-staff when we need them the most. Good service; great people.

Larry Lou

14:01 01 Jun 22

Always responsive and helpful with a great team and awesome support, glad to do business with them.

Damien Russell

13:57 01 Jun 22

I worked with 3 techs previous before Darnell Johnson, the three previous were not on the same level as Darnell. His customer service and dedication to make sure all bases are covered are unmatched. 10/10

Jacob B

23:29 13 May 22

Invenio IT is the backbone for my disaster recovery solution. If I have anything wrong with my backups I am getting a call from Dale. This type of support is awesome especially when backing up 100+ servers.

Paul Gugel

02:18 24 Jan 19

Invenio IT has provided us with an excellent BDR solution in the Datto SIRIS. An enterprise-level solution at a reasonable cost, along with simplicity and ease-of-use, were a few items that helped us move to a Datto SIRIS. The only surprise was the extremely detailed level of service and support we received from Invenio IT. After 20 years of IT experience as a support professional myself, I did not expect to be surprised by the sustained, over-the-top level of support and professionalism that we received from Dale and the Invenio IT team. But I was surprised, and very happily so. Actually, I couldn't be happier!

Clyde Cornelius

15:08 07 Jun 18

The Datto Siris product works well and the web portal for management is excellent. My Invenio Rep is attentive, gets in front of issues and monitors the backup service.

Edward Caco

15:31 05 Jun 18

Great product! Great Service. I was up and running in no time.

Theodore Herrmann

21:35 04 Jun 18

I highly recommend Invenio IT to everyone. They provide amazing customer service. They are very responsive, and quick to resolve any issues or concerns. They have been a tremendous resource for several IT projects. One product / service in particular that is an absolute must is their backup services using the Datto SIRIS. This is just one example of many that has simplified my life while giving me much improved data security. I have full confidence and peace of mind knowing my data is secure and always available. By far the absolute best IT company I have ever dealt with.

Robert Bearry

19:41 04 Jun 18

I am very pleased with the Datto project and support offered at Invenio IT. The professionalism and speedy response to all of my issues have been handled impeccably. I would highly recommend their services. -Billy

William Porche

19:33 04 Jun 18

We were looking for a product which will verify the backup everyday without our intervention. For our size, Datto Alto 4 by far is the best product available on the market for the up-front and recurring price. Everyday it shows that the image backup is boot-able. We did the test by visualizing the server in the cloud and connecting seven work stations to it, and it worked flawlessly. Dale from Invenio IT was there every step of the way from purchase to install to testing. He provided exceptional service. He oriented us to Datto environment very well and is always available to answer questions. Further, every day he is monitoring the backups and ensuring the success. We are very pleased with the results. Thank you Dale!

Yogesh Mantri

21:09 24 May 18

Datto/Invenio was installmental in saving my business. The SIRS had a snapshot of beginning of the day. So I was good to go in minutes with the last backup thank you invenioIT.

Kim Zayac

16:41 03 Nov 17

We have the Datto SIRIS through Invenio IT and we couldn't be happier. Great team with exceptional customer service. Keep up the good work!

Rachel Leventhal

21:34 17 Aug 17

Invenio IT is simply awesome! I have been working with Dale for a couple of years now and the service and after sales support is great. I have submitted support requests and literally have had them resolved in under 20 minutes. That is great service!

gramfer

12:36 03 Aug 17

I have a SIRIS2 backup hardware which is an outstanding product and Invenio IT is one of the best support companies out there. They keep me informed of anything that is going on with my backups.

01:23 26 Jul 17

Quick response and good customer relationship. We been working with Invenio for over a year and it has been good results all around. Keep up the good work.

Date Kouy

20:06 20 Jul 17

Incredible professionalism from the Invenio staff. Hard working, a joy to do business with, and true innovators. This is a company that values its partnerships and will always do what's best for the customer.

Grant Brown

20:34 18 Jul 17

So... how complicated would your life be if you lost precious data files and there was no chance of recovery. Sounds scary. Yes it does. Life can be easier. You can take an associates human error of erasing or losing work or even an equipment failure that would have you work through the weekend in stride. Deploying a DATTO Sirus will protect your data locallly and in the cloud with so many easy ways to recover when the need arises. Support is excellent and reliable. Get a DATTO Sirus and rest... assured!

Ron Rizzi

20:09 17 Jul 17

Solid Datto support for our server systems. In the rare event there's been an issue, Invenio often knows before we do and has a fix ready. They are highly responsive to questions and keep our backup system.

Jason Blair

16:51 17 Jul 17

The fantastic Datto SIRIS coupled with the helpful folks at Invenio IT have let me stop worrying about my backups and disaster recovery plans to focus on more important things such as my morning coffee and keeping users from destroying the network before lunch.

Matthew Fex

16:35 17 Jul 17

Great partner to have. I recently joined the company I work for and found that they have a Datto backup system. I have never used the system and with the assistance of Dale at Invenio IT the learning curve has been an easy one. They typically let me know if something has gone wrong before I even knew it happened. Bottom line, outstanding support. I would highly recommend them for your IT services needs.

Gary Collier

16:11 17 Jul 17

Purchasing my SIRIS3 through Invenio IT has been one of the best decisions I’ve made. They always reach out to help whenever a problem arises, often before I even know there’s an issue with my backups. When my business got hit with Ransomware, I was able to restore my entire environment within a matter of hours thanks to my SIRIS3 and Invenio IT!

Gregory Carwile

16:08 17 Jul 17

The Invenio IT staff is friendly and knowledgeable! They really know everything about the Datto SIRIS

annmarie kotsianas

03:20 02 Jul 17

Can't say enough about the folks at Invenio. They are experts in business continuity and a pleasure to work with!

Michael Marlin Jr.

16:50 28 Jun 17

Invenio IT is a great organization to work with. Their consulting and managed services are exceptional are always at the leading edge of I.T. Strategy and execution, anticipating what you need before you experience an expensive order of magnitude "issue". They lead with integrity and clear down to earth communications. Highly recommended.

Leander Gillard

16:19 19 May 15

Great company medium sized organizations, handles all the management of data integrity, data redundancy/backup and all of your data management needs. I was truly lucky to have a excellent company supporting my orgazation when we did actually encounter data issues. Invenio IT was able to quickly assess and analyze the problem and then fix our issues with no down-time and little to no effect on our user base. Thank you Invenio IT.

Employment Employment

15:04 06 May 15

Invenio IT has supported my business for the past few years and I have had a great experience. The staff is knowledgeable and go out of their way to make technology simple to understand. If you are in need of a strategic (and friendly) IT partner, I would consider this company.

T. Rock

14:22 06 May 15

‹

›

Security

6 Reasons to Not Pay the Ransom in a Ransomware Attack

July 5, 2023

Dale Shulmistra

6 Reasons to Not Pay the Ransom in a Ransomware Attack

Should You Pay the Ransom? The FBI Says ‘No’

Reason #1: There’s No Guarantee You’ll Get the Data Back

Case in point: They paid up, and hackers took off.

Reason #2: When You Pay the Ransom, It Only Encourages the Criminals to Launch More Attacks

Case in point: ransomware is big business.

Reason #3: Your Company Might Be Sanctioned When They Pay the Ransom

Case in point: Feds are going after ransom facilitators, for now

Reason #4: You’ll Be Targeted Again

Case in point: 80% of companies are attacked a 2nd time

Reason #5: The Hacker May Simply Increase the Demand

Case in point: 1 in 3 victims are asked to pay more

Reason #6: Your Cyber Insurance Rates Could Go Up

Case in point: Premiums up by 50% in one year

When You Have No Choice But to Pay

Make Sure Your Company has a Comprehensive Data Backup Plan

Frequently Asked Questions (FAQ)

1) Does paying the ransom for ransomware work?

2) What is the current average ransomware payout?

3) How many ransomware victims pay the ransom?

Conclusion

Get a Free Demo

Ransomware attacks in finance hit new high (2023 report)

Prepare for the Worst: 6 Critical Types of Disaster Management

Ransomware Attacks in Manufacturing on the Rise [2023 Report]