The rise of ransomware attacks has become an alarming trend, causing business leaders to grapple with a difficult question: should they negotiate with ransomware attackers and pay the demanded ransom?
This dilemma poses many challenges, and businesses must weigh the potential consequences of their decisions.
“Many think that paying the ransom may be the quickest way to regain access to critical data and systems, particularly companies where downtime translates to substantial financial losses or even risks lives, such as in healthcare or emergency services,” says Warren Bonheim, MD of Zinia.
Bonheim argues that there is no guarantee that the attackers will honour their end of the bargain and provide decryption keys or release the stolen data even after the ransom is paid; after all they are not bound by any ethical code. Businesses may end up losing money without resolving the issue.
In effect, paying ransoms provides financial incentives to cybercriminals, encouraging them to continue their illegal activities. It fuels a vicious cycle in which attackers are emboldened to launch more attacks.
Some believe that because stolen data may include sensitive information about customers or employees, paying the ransom can prevent the exposure of this data, mitigating the risk of lawsuits, regulatory fines, and reputational damage.
“However, the real danger of this is that companies might become trapped in a cycle of paying ransoms instead of addressing the root causes of vulnerabilities and not invest in more robust cybersecurity measures,” says Bonheim.
Bonheim shares some tips on staying ahead of ransomware attackers:
* Don’t wait to become a victim. Thinking it won’t happen to you is dangerous because hope is not an effective strategy especially with the increasing sophistication and business of cybercrime. By strengthening your cybersecurity, you make it more difficult for attackers to penetrate your defences.
* The weakest link for cybercriminals is people. Your employees provide the greatest danger to the business because they may inadvertently let ransomware pass into the company by clicking on links or visiting websites that pose a risk. Security awareness training combined with regular assessments to test employee’s vulnerabilities is critical.
* You need a cybersecurity platform that has round the clock monitoring, built in automated incident response and AI-led techniques to quickly and automatically block or investigate threats. Smart platforms, like Sophos, also have data intelligence gathering of incidents from all over the world where AI analyses and learns from this data for predictive prevention, to stay ahead of cybercriminals.
* Beyond automation, you can also strengthen your security through a team of human-led threat hunters who actively seek out anomalies, unusual patterns, and other indicators of compromise that automated systems may have missed. Their goal is to identify and act against security threats before they can cause significant damage or data breaches within your business.
* Recently, there’s been an increasing trend where attackers only return half of the stolen data, then demand the same ransom again to release the remainder. To safeguard against such scenarios, it’s crucial for businesses to implement a robust and secure cloud backup strategy. This ensures the ability to restore data in the event of a ransomware attack, enabling uninterrupted business operations.
* Today, companies do not have to invest in the latest technology, nor do you have to hire in the skills to do so, rather you can get affordable enterprise-grade solutions by using a cybersecurity provider for a month-to-month service. These providers have the most advanced systems in place which are constantly being updated to adjust to different attack scenarios.
In conclusion, rather than facing the ransomware dilemma in the first place, companies can prioritise prevention and preparedness to strengthen their defences, making it more difficult for criminals to launch their attack. Additionally, by having a proper data back-up plan in place, should an attack transpire, their data can be quickly recovered.