Why You Should Never Pay a Ransomware Ransom

April 24, 2018

Mike Smith, Network Infrastructure Consultant

In the wake of a recent ransomware attack at the City of Atlanta, the question has been raised (again) about whether to pay a ransom or not. It appears the city ended up not paying, but other cities and government entities have done so. Unfortunately, IT professionals and law enforcement sometime give mixed signals about paying ransom. But you should never pay.

Here’s why.

1. It is never guaranteed that criminals will unencrypt your data
Criminals often ask for thousands of dollars in ransom. Would you take thousands of dollars from your city treasury and then flip a coin to see if you keep it? That’s essentially what happens when you pay criminals.

According to SentinelOne's Global Ransomware Report 2018 (reported in KnowBe4), “45% of US companies hit with a ransomware attack last year paid at least one ransom, but only 26% of these companies had their files unlocked.” Yes, only 26 percent! With such a low chance of your ransom actually unencrypting your data, it’s not wise to throw thousands of dollars at criminals. Plus, if you pay, criminals may also ask for more money or target you again—viewing you as a nice source of revenue!

2. It is never guaranteed that criminals will restore your data as it was
Once you get your data back, do you know for sure that it’s unaltered? If criminals had access to it, they could do anything with it. Delete some of it. Corrupt it. Implant malware into it. Who knows? These are criminals. You can’t trust them.

In some cases, ransomware attacks are led by sophisticated nation states or professionally organized criminal syndicates with deep pockets and resources. Who knows what they’ve done with and to your data before they give it back.

3. It is never guaranteed that criminals will no longer have access to your data
Remember, these criminals held your data hostage. By paying a ransom, you are trusting a criminal to perfectly return your data back to its previous state. And maybe they’ll also nicely clean up the mess they made to your data, computers, and network—and lock the door behind themselves on the way out?

Don’t bet on it. How do you know they don’t intend to still use the data they held hostage? You don’t know for sure if criminals accessed your data, still have your data, and intend to use your data for malicious purposes.

4. You’re supporting a criminal enterprise by paying the ransom
Why is ransomware so rampant right now? Because it works. People are falling victim and then paying the ransom. If no one paid, criminals would not make money.

If you pay the ransom, you’re funding criminal activity and encouraging it to continue. It’s no different than traditional blackmail or ransom. By not paying the ransom, you’re helping to cut off the lifeblood from these crime rings.

5. You’re further avoiding taking proactive steps to protect your environment
Ransomware need not cripple you. Some key best practices include:
 
  • Data backup and disaster recovery: Because there is no guarantee that you’ll get your data back after paying a ransom, you need to take steps to ensure you can retrieve your data even after a ransomware attack. A tested onsite and offsite data backup and disaster recovery plan is your best insurance against a ransomware attack.
  • Proactive IT support, maintenance, and monitoring: This includes antivirus software kept up to date, security patches applied to software, and senior IT professionals monitoring your systems for red flags.
  • Ongoing employee training: All it takes is one employee clicking on a malicious email attachment or website link to download ransomware into your systems. However, ongoing training can help employees spot phishing attacks and avoid malware.

You should never pay a ransom, and you should never be in the position of even considering it as an option. Don't be that city leader who ignores the auditors, ignores best practices, ignores red flags and warning signs, and doesn’t ask “What are we doing about this problem?” until your ransomware attack is front page news.
 

Back to Listing