To Pay Or Not To Pay A Hacker’s Ransom?

Back in December of 2017, in Mecklenburg County, North Carolina, a county government employee was tricked by an email phishing scam. As a result, 48 servers had their data infected by LockCrypt ransomware. The attack paralysed numerous crucial services, including the county’s tax, finance, deed, and social services.

The cybercriminals wanted a ransom of $23,000 (USD), and the county government officials were still undecided about whether to pay the ransom before the deadline arrived.

So, what would you do if your business found itself in this situation? You come into work one day and all hell has broken loose. Your business data has been hijacked, and everything has come to a complete stop. The business pain is excruciating, the pressure is intense, and the stress is off the charts. Would you, or wouldn’t you, pay the ransom?

Reasons Not To Pay.

Mecklenburg County decided not to pay, and that’s what most security experts recommend. There are several reasons for this.

1. If you pay the ransom, hackers can ask for more money, as they did to Kansas Heart Hospital in Wichita. When the hospital paid the ransom, the cybercriminals only partially restored its data before demanding more money to decrypt the rest.
2. You pay the ransom but get nothing back. According to Symantec’s “2017 Internet Security Threat Report”, less than 50% of victims who paid got their files back.
3. Some of the more sophisticated ransomware variants delete rather than encrypt their victims’ files. Even if you pay the ransom, your files are history. Two Talos researchers discovered one of these variants, which they dubbed Ranscam.
4. Paying a ransom has implications for your business. It could make you a target and increase the likelihood of cyberattacks against your company in the future. If the cybercriminals know you’d pay to get your data back, they’ll be banking on the chance that you’re still vulnerable. And in a broader sense, the more organisations that pay ransoms, the more the hackers will continue to target businesses.

Reasons To Pay.

Although ideally it’s best not to pay, many businesses will. Reasons for giving in and paying vary:

1. It’s easier or quicker to pay the ransom than restore from backups. The Hollywood Presbyterian Medical Center in Los Angeles, California, paid the cybercriminals around $17,000 to get their patient records back. According to Allen Stefanek, the centre’s president and CEO, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.”
2. Organisations might find that it is cheaper to pay off the hackers than reconstruct their data from backups. Typically, most ransom demands ranged from $500 to $2,000 for businesses, according to Statista. And in some cases, the ransom amount was negotiated down. F-Secure researchers found three out of four ransomware criminals were willing to negotiate, reducing fees by an average of 29%. According to Forcepoint Security Labs, there’s one strain of ransomware named Scarab that does not specify an amount. Instead, victims must email the cybercriminals to negotiate a price for recovering files.
3. Not having usable backups of crucial data. Bingham County officials in Idaho gave hackers $3,500 to get back data on three servers. The ransomware attack had paralysed all 28 of the county’s servers, and the hackers wanted a ransom of $33,000. But because the county had usable backups for 25 of those servers, it negotiated the price down to $3,500 to get the decryption keys for the last three.
4. To protect the business image and brand. Some companies secretly paid ransoms to minimise the chance of word getting out that they fell victim to an attack. According to Robert Shaker, the chief technology officer of Incident Response Services for Symantec’s Cyber Security Group, hundreds of ransomware attacks have been kept secret.

What Would You Do?

It’s a hard decision, hopefully one you will never have to make. No matter your choice, a ransomware attack would likely cause other problems for your business. A 2017 Malwarebytes study found that 22% of SMBs who fell victim to a ransomware attack had to cease operations immediately. That kind of downtime means plenty of lost revenue. It’s vital you do everything you can to protect your business, and we at Intellect IT are here to help. Call us to learn more about what we can do to help keep your business safe.