6 Reasons to Not Pay the Ransom in a Ransomware Attack
Given these high stakes, it’s no surprise that many businesses are forced to consider giving hackers what they want: a ransom payment to decrypt the data. But should they?
In most cases, the answer is no.
Businesses should avoid paying the ransom unless they have no other viable option for survival. In this post, we explore the reasons why.
Should You Pay the Ransom? The FBI Says ‘No’
It’s never a good idea to give in to a cyber criminal’s demands. For one thing, the United States government, and more specifically the FBI, doesn’t recommend that companies pay ransoms to hackers: ransomware extortion is a serious crime, and paying only encourages that criminal behavior to continue. We’ll have more to say on that below, but the point here is that law enforcement agencies are very clear that businesses should not pay.
The FBI warns, “The United States Government (USG) does not encourage paying a ransom to criminal actors” and doing so comes with “serious risks.” Among other things, the FBI writes, “Paying the ransom doesn’t guarantee an organization will get their data back, we have seen cases where organizations never got the decryption key after having paid the ransom.” That’s just money down the drain that most companies will never recover (along with their data if they don’t have backups).
Let’s explore this point a bit further, along with other key reasons why the FBI and cybersecurity experts warn against paying the ransom.
Reason #1: There’s No Guarantee You’ll Get the Data Back
We can’t stress this enough: paying the ransom is a gamble, not a guarantee. Hackers are under no obligation to do anything when you pay the ransom. And since payments are made anonymously via cryptocurrency transactions, they can easily just take your money and run.
For businesses, this only adds insult to injury. The hackers clearly win, and the business suffers the embarrassment of having paid up and received nothing in return.
No industry is immune to these risks. All organizations face the threat of ransomware, including healthcare, manufacturing, construction, retail, real estate, hospitality, education and financial institutions. And all of them face the same risk of tossing their money down the drain when they pay the ransom.
Reason #2: When You Pay the Ransom, It Only Encourages the Criminals to Launch More Attacks
When you pay a hacker a ransom during a ransomware attack, it just funds their operations and encourages them to continue their criminal actions and behaviors on other companies. You are basically just funding cyber terrorism when you give in to their demands.
Hacking groups can take that money to develop even more advanced methods of using malware to infiltrate vulnerable businesses of all sizes. So by paying the ransom, you only make ransomware worse.
On the flip side, the more obstacles hackers face in their criminal activities, the lower the chances that they can continue to hurt other companies.
Reason #3: Your Company Might Be Sanctioned When It Pays the Ransom
As cyberattacks ramped up during the COVID-19 pandemic, the U.S. Treasury issued a statement warning of the risk of sanctions for paying out ransoms to hackers. In essence, the new guidance suggested that the act of paying the ransom could itself be illegal.
Keep in mind that the people behind ransomware aren’t just individual hackers launching attacks from basements or coffee shops around the world. In many cases, they’re foreign nation-states, terrorist groups or other adversaries of the United States. So by paying their ransom demands, you are effectively supporting those adversaries.
The legality of the whole situation is a bit unclear at the moment, but the last thing you want is to have to pay a large monetary penalty to the courts on top of the big ransom you already paid to the cyber criminals.
Reason #4: Paying Puts a Target on a Company’s Back
When you pay the ransom, you put another target on your back. By paying, you’re telling the hackers: “You win. Your attack worked. We’re willing to pay.” Naturally, this makes your business more likely to be the victim of a second attack.
Plus, if a second attack does occur, the odds are that the hackers will ask for a higher sum the next time. Look at it this way: if you feed birds at the beach, they will expect food and keep coming back to bother you again and again. You’ll never eat in peace at the beach because the birds expect people to feed them. It’s a similar thing with hackers. If they know a company is going to pay up, they will keep launching attacks against it for the reward of additional ransom payments.
Finally, keep in mind that it may not even be the same group that attacks the company the second time. Hackers may sell information about the company to other groups. Or the mere publicity of a successful attack can make the business a target for other hackers.
Reason #5: The Hacker May Simply Increase the Demand
In a statement about previous attacks and the risks of paying the ransom, the FBI writes, “After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key.”
When the hacker states the ransom payment they want, and you immediately pay it, what’s to stop them from simply upping the demand after that initial demand is met? There isn’t any guarantee that they will just want one simple payment.
It’s worth reiterating that you should not expect shady cybercriminals who disrupt your business to have any kind of moral compass. When you pay them, you are just falling into the hole of sending them more and more money, without getting your data back in return. The less you give in to them, the better.
Reason #6: Your Cyber Insurance Rates Could Go Up
With the rise of ransomware over the past few years, businesses have begun seeking insurance policies that help cover the costs of an attack, including ransom payments made to attackers. But once again, paying that ransom, even if it’s via an insurance company, can have consequences.
In addition to the risks outlined above, if you have cyber insurance that is used to pay the ransom demand for you, it’s likely that your insurance rates will go up. The insurance company is covering your business for what it calls “cyber extortion” under the umbrella of a cyber liability policy. While it’s a smart move to have this type of insurance “just in case,” you should still think twice before you negotiate with your attackers at all.
When You Have No Choice But to Pay
We understand that there are some cases where a company feels it has no other option but to go ahead and pay the ransom to the attacker. And the FBI also delicately acknowledges that the question of “whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers.”
If, for example, a company has no other way to keep time-sensitive business functions running, it might be in its best interest to take the gamble of paying the ransom. This is especially true for healthcare organizations, whose operations can literally mean the difference between life and death. Such organizations need their data back to function correctly or they run the risk of shutting down permanently.
In these circumstances, you can see why companies may be willing to pay the ransom, even if there’s no guarantee.
But still, this is typically an absolute last resort. And with the right data backup systems in place, businesses may never have to face that decision in the first place.
Make Sure Your Company Has a Comprehensive Data Backup Plan
One of the reasons most companies pay the ransom is that they don’t have reliable data backups that can be restored fast enough (if at all).
When the hackers infiltrate your company with ransomware, that important data might be gone forever if you don’t have data backups.
Data backups can restore your systems to a clean state after a malicious attack. By rolling back to a recovery point from before the infection occurred, you restore your data to normal and also remove the infection itself. This also eliminates the question of whether to pay the ransom.
The type of data backup system you deploy is important. The Datto SIRIS 4 is an all-in-one business continuity and disaster recovery (BC/DR) solution that provides dependable protection against ransomware and other data-loss events. In addition to providing fast backups and numerous restore methods, accessible both locally and in the cloud, the Datto SIRIS has built-in ransomware protection to detect early signs of an infection.
By being able to rapidly restore data from backups, you effectively stop an attack in its tracks and never have to face the difficult decision of paying your attackers.
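As an added illustration (not code from this post or from Datto), here is the kind of check a backup system can run over its recovery points to spot where files started being encrypted and pick the last clean point to restore from; the snapshot contents, the churn and entropy thresholds, and the "night-N" labels are constructed assumptions.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text lands around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(prev: dict, cur: dict, churn=0.5, entropy=7.0) -> bool:
    """A recovery point is suspect when most files from the previous point
    were rewritten or renamed AND most current content is high-entropy.
    Either signal alone is normal (bulk edits, legitimately compressed files)."""
    if not prev or not cur:
        return False
    touched = sum(1 for path, data in prev.items() if cur.get(path) != data)
    high = sum(1 for data in cur.values() if shannon_entropy(data) >= entropy)
    return touched / len(prev) >= churn and high / len(cur) >= churn

def last_clean_recovery_point(snapshots):
    """snapshots: chronological list of (label, {path: bytes}). Returns the
    label of the latest point before the first suspect one, or None if even
    the earliest point already looks encrypted."""
    prev, last_clean = {}, None
    for label, files in snapshots:
        if looks_encrypted(prev, files):
            return last_clean
        last_clean, prev = label, files
    return last_clean  # nothing suspect: the newest point is safe to restore

# Constructed sample data (not real backups): three nightly recovery points.
_text = b"Q1 revenue summary, figures pending review.\n" * 64
_edited = b"Q1 revenue summary, figures approved by finance.\n" * 64
_rng = random.Random(7)  # deterministic stand-in for ciphertext
def _cipher(size=4096):
    return bytes(_rng.getrandbits(8) for _ in range(size))
SNAPSHOTS = [
    ("night-1", {"docs/q1.txt": _text, "docs/q2.txt": _text, "hr/staff.csv": _text}),
    # night-2: every file legitimately edited, so high churn but low entropy
    ("night-2", {"docs/q1.txt": _edited, "docs/q2.txt": _edited, "hr/staff.csv": _edited}),
    # night-3: ransomware ran; originals gone, replaced by renamed ciphertext
    ("night-3", {"docs/q1.txt.locked": _cipher(), "docs/q2.txt.locked": _cipher(),
                 "hr/staff.csv.locked": _cipher(), "RESTORE_FILES.txt": _text}),
]

if __name__ == "__main__":
    print(last_clean_recovery_point(SNAPSHOTS))  # night-2
```

A real system would key this on a dwell-time estimate as well, since the intrusion usually predates the encryption run that the entropy check catches.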
Get a Free Demo
Learn more about protecting your organization from a ransomware attack with BC/DR solutions from Datto. Request a free demo or speak to our business continuity experts at Invenio IT today. Call (646) 395-1170 or email success@invenioIT.com.