{"id":166650,"date":"2024-08-06T07:19:37","date_gmt":"2024-08-06T07:19:37","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=166650"},"modified":"2024-08-06T07:19:38","modified_gmt":"2024-08-06T07:19:38","slug":"ransomware-organizations-should-avoid-paying-ransoms","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/166650\/uncategorized\/ransomware-organizations-should-avoid-paying-ransoms.html","title":{"rendered":"Should Organizations Pay Ransom Demands?"},"content":{"rendered":"

Ransomware attacks are the most significant risk for modern organizations. Here is why organizations should avoid paying ransoms.<\/h2>\n\n\n\n

Ransomware attacks are the most significant risk for modern organizations, with the Verizon Data Breach Report 2024 reporting that ransomware is a top threat across 92% of industries. In recent years, the number of ransomware attacks has grown significantly. Actors have become more sophisticated, advancing their tactics, techniques, and procedures, such as double extortion, a trend in which attackers exfiltrate sensitive data and leverage it to force victims to pay the ransom demand.<\/p>\n\n\n\n

However, despite ransomware being such a persistent and pervasive problem, experts have yet to agree on how best to respond to it, particularly on whether or not to pay ransom demands. Let’s explore both sides of the debate.<\/p>\n\n\n\n

What is a Ransomware Attack?<\/h2>\n\n\n\n

First, let’s briefly clarify what a ransomware attack is. Ransomware is a type of malicious software, or malware, that cybercriminals use to encrypt a victim’s data or lock them out of their system. The attacker then demands a ransom payment, typically in cryptocurrency, in exchange for providing a decryption key or unlocking the system.<\/p>\n\n\n\n

Why Organizations Should Avoid Paying Ransoms<\/h2>\n\n\n\n

Perhaps the most compelling argument for refusing to pay ransom demands is that handing over money to cybercriminal groups almost always increases ransomware activity.<\/p>\n\n\n\n

By paying a ransomware demand, businesses essentially fund cybercriminal groups, helping them expand their operations. Moreover, ransom payments can signal to cybercriminals that a sector is ripe for exploitation.<\/p>\n\n\n\n

When reports came in that medical company Change Healthcare may have paid ransomware gang BlackCat\/ALPHV a $22 million ransom in March 2024, the broader healthcare sector experienced a surge in ransomware attacks. Similarly, paying a ransom demand to one ransomware group may indicate to others that an organization is a worthwhile target.<\/p>\n\n\n\n

It’s also crucial to recognize that paying ransom demands doesn’t necessarily mean cybercriminals will restore an organization’s data. Remember, we’re dealing with criminals; we shouldn’t expect them to act morally or ethically. Many businesses have paid ransom demands, only for attackers to withhold decryption keys or provide faulty ones. Some groups even seem to find enjoyment in taunting their victims.<\/p>\n\n\n\n

When Should Organizations Comply with Ransom Demands?<\/h2>\n\n\n\n

However, there are some situations where paying a ransom is the only option or the best course of action. For example, if a lack of system access could result in a loss of life \u2013 as may be the case with some healthcare, critical infrastructure, or industrial organizations \u2013 complying with ransom demands would likely be the most prudent option.<\/p>\n\n\n\n

Some experts argue that organizations should pay ransoms when they are lower than the cost of restoring data or potential financial losses resulting from delayed recovery. This is a compelling argument at face value, but as noted, cybercriminals may not restore data after receiving a ransom and may even be motivated to attack the organization again. In some cases, data is even corrupted during decryption.<\/p>\n\n\n\n

Protecting Against These Attacks<\/h2>\n\n\n\n

It’s clear that, aside from a few specific situations, such as when human lives are at risk, organizations should avoid paying ransom demands. Essentially, paying ransom demands should only ever be a last resort. If an organization does suffer a ransomware attack, it’s almost always better to deploy cybersecurity professionals to restore company data. Organizations should develop and rehearse an incident response plan or even keep an incident response team on retainer to launch into action when an attack occurs.<\/p>\n\n\n\n

It’s also crucial, of course, to take proactive measures against ransomware attacks. Often, the cost of preparation is significantly lower than that of a ransom. Businesses must implement effective cybersecurity measures. Here are some basic tools and techniques to help your organization ward off ransomware attackers:<\/p>\n\n\n\n