If You Pay a Ransom, You’re Just Buying More Trouble
Organizations in every industry are facing surging ransomware threats. For many of those organizations, those threats will become reality. The unfortunate organizations that end up in that position will need to make a number of difficult decisions as part of their incident response. One of the complex decisions that an organization will make is whether or not they’re going to pay the extortionists their demanded ransom. That’s a tricky proposition. While it may seem to be expedient and cost-effective to just pay off the cybercriminals and get back to work, it’s just not that simple.
Considering a new dark web monitoring solution? This eBook helps you find the right one for your organization. GET EBOOK>>
Paying a Ransom Makes It Worse for Everyone
Far too many organizations choose to take what they see as the easy way out by paying the cybercriminal’s demands because it seems like the fastest and simplest way to resume normal operations. It also seems like a good way to avoid the expense and hassle of a complex investigation and recovery. That’s exactly what the cybercriminals want companies to do, and they make it easy to just pay the ransom, promising speedy decryption and other desirable results. Unfortunately, a recent survey revealed that too many companies are inclined to take the bait in order to quickly put the incident behind them.
After a Successful Attack Did The Victim Pay the Ransom?
|Yes||% of Total Survey Respondents|
|Prefer Not to Answer||1%|
Source: Helpnet Security
Paying the ransom is doing what the bad guys want, and it shows them that ransomware is a great business plan, making cybercriminals more likely to pursue more attacks. Ransomware attack rates have doubled, and ransoms are reaching an all-time high, making ransomware a growth industry, and that’s bad for businesses. But an increasing number of businesses are just paying the extortionists off in the hope of making the whole situation go away, and that’s bad for everyone.
Percentage of Organizations that Paid Ransoms by Year
Source: Helpnet Security
Why is Paying a Foolish Choice?
Paying off the playground bully at school didn’t work. Why would paying off cybercriminals be any more effective? Paying off extortionists is never a good idea and sometimes even illegal.
Cybercriminals Double Dip
Paying extortionists doesn’t usually make them go away. In fact, quickly paying off an extortionist usually results in that extortionist coming back with their hand out to demand more money once they find out that you’re inclined to hand it over. An estimated 87% of respondents in a survey of organizations that had been hit by a successful ransomware attack and paid the demanded ransom said that they experienced additional extortion attempts beyond the initial ransomware demand.
Good Luck Recovering Your Data
A big reason why companies choose to pay off the bad guys is the perception that if they pay the ransom, they’ll get their data back intact. Those organizations quickly discover that isn’t the case at all. Typically, companies that pay the ransom expect to receive a decryptor to unlock their data. Cybercriminals are generally likely to send one after payment is made. But it doesn’t always work, and if it does work, it doesn’t work well. Colonial Pipeline found that out the hard way. After the company paid $5 million in ransom they were provided with a decryptor, but it was so slow as to be nearly useless, forcing them to do data recovery from backups anyway. Very few organizations recover all of their missing data, and an overwhelming majority of companies discover that they’re still missing data after they pay off the bad guys.
- An estimated 92% of organizations that pay a ransom don’t get all of their data back
- About 40% of organizations never see any of their data again.
- Under 15% of organizations recover all of their data
- Less Than30% of organizations recover about half of their data
Learn why secure access management is the key to a stronger defense on a budget. WATCH NOW>>
Too Many Organizations Are Unprepared
How do many organizations find themselves in this position? Unpreparedness. A lack of preparedness to defend against a ransomware attack is a security risk that can lead to disaster. Unitrends MSP surveyed MSPs about their clients’ readiness for ransomware and the results of that survey showed that the organizations that they serve have a long way to go before they can stand up to an attack. The majority of surveyed MSPs reported that their clients are only somewhat prepared or not prepared at all to face a ransomware attack.
Levels of Client Preparedness for a Ransomware Attack
- Somewhat Prepared 50%
- Mostly Prepared 37%
- Extremely Prepared 7%
- Not Prepared 7%
That’s a sure path to an expensive, painful incident response cycle followed by a recovery nightmare. In the Unitrends MSP report, researchers also took a look at what organizations faced in the aftermath of a ransomware attack. They determined that for companies that have faced ransomware head-on, data loss (22.34%) and downtime (22.13%) were the most common consequences, followed by reputation damage (15.24%), lost profits (13.57%) and compliance failures (9.39%). Outcomes like these keep the expense of a ransomware incident snowballing, creating major danger for the long-term viability of the victimized businesses.
Consequences of a Ransomware Attack for Clients
|Clients hit by ransomware experienced.|
|Data Recovered (Paid Ransom)||5%|
|Data Lost (Paid Ransom)||6%|
Get a step-by-step guide to building an effective security and phishing awareness training program. GET GUIDE>>
Protect Your Organization from Ransomware Affordably
It’s never a good idea to pay cybercriminals the ransom and doing so may be illegal in some circumstances. Instead, use a smart, strong defensive strategy to avoid becoming a victim of ransomware. The ID Agent digital risk protection platform can help.
Passly packs 3 essential tools for secure identity and access management into one affordable package: including single sign-on (SSO), two-factor authentication (2FA), and secure password vaults plus automated password resets and simple remote management at an affordable price.
BullPhish ID delivers effective security and compliance awareness training. Choose from a big library of lessons about security issues like ransomware and compliance with major data rules or laws. Plus, phishing simulations are a breeze with premade simulations or customize the content to reflect your industry’s unique risks.
Dark Web ID helps businesses stay safe from dark web credential compromise threats with 24/7/365 real-time analysis and alerts fueled by data collected from all of the nooks and crannies of the dark web like data dumps, sites, boards, markets and more,
Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.
Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!