Ransomware attacks are the most significant risk for modern organizations, with the Verizon Data Breach Report 2024 reporting that ransomware is a top threat across 92% of industries. In recent years, the number of ransomware attacks has grown significantly. Actors have become more sophisticated, advancing their tactics, techniques, and procedures, such as with double extortion, a trend in which attackers exfiltrate and leverage sensitive data to force victims to pay the ransom demand.
First, let’s briefly clarify what a ransomware attack is. Ransomware is a type of malicious software or malware that cybercriminals use to encrypt a victim’s data or lock them out of their system. The attacker then demands a ransom payment, typically in cryptocurrency, in exchange for providing a decryption key or unlocking the system.
Perhaps the most compelling argument for refusing to pay ransom demands is that handing over money to cybercriminal groups almost always increases ransomware activity.
By paying a ransomware demand, businesses essentially fund cybercriminal groups, helping them expand their operations. Moreover, ransom payments can signal to cybercriminals that a sector is ripe for exploitation.
When reports came in that medical company Change Healthcare may have paid ransomware gang BlackCat/ALPHV a $22 million ransom in March 2024, the broader healthcare sector experienced a surge in ransomware attacks. Similarly, paying a ransom demand to one ransomware group may indicate to others that an organization is a worthwhile target.
However, there are some situations where paying a ransom is the only option or the best course of action. For example, if a lack of system access could result in a loss of life – as may be the case with some healthcare, critical infrastructure, or industrial organizations – complying with ransom demands would likely be the most prudent option.
Some experts argue that organizations should pay ransoms when they are lower than the cost of restoring data or potential financial losses resulting from delayed recovery. This is a compelling argument at face value, but as noted, cybercriminals may not restore data after receiving a ransom and may even be motivated to attack the organization again. In some cases, data is even corrupted during decryption.
It’s clear that, aside from a few specific situations, such as when human lives are at risk, organizations should avoid paying ransom demands. Essentially, paying ransom demands should only ever be a last resort. If an organization does suffer a ransomware attack, it’s almost always better to deploy cybersecurity professionals to restore company data. Organizations should develop and rehearse an incident response plan or even keep an incident response team on retainer to launch into action when an attack occurs.
It’s also crucial, of course, to take proactive measures against ransomware attacks. Often, the cost of preparation is significantly lower than that of a ransom. Businesses must implement effective cybersecurity measures. Here are some basic tools and techniques to help your organization ward off ransomware attackers:
If you take one thing away from this article, let it be this: prevention is better than a cure. By implementing an effective cybersecurity program, organizations significantly reduce the risk of suffering a ransomware attack and deciding whether to pay ransom demands. However, if you fall afoul of ransomware actors, try to avoid handing them money. Instead, invest in an incident response team – if you don’t, you risk being attacked again.
About the author: Josh Breaker-Rolfe
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He’s written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
Pierluigi Paganini
(SecurityAffairs – hacking, ransom)