• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Compliance, IT Infrastructure, Network Security, News

To Pay Ransomware Or Not

When you're hit with ransomware, there are several things to consider before you shell out millions in cryptocurrency to a criminal organization.

June 15, 2021 Zachary Comeau Leave a Comment

Ransom payments
vchalup/ stock.adobe.com

You invested in strong endpoint detection, conducted robust training on spotting a phishing attempt and conduct a thorough patch management program, but it happens away: your organization is locked out of its systems until you pay a hefty ransom of Bitcoin to an unknown cybercriminal.

Now what do you do?

If your backups were stored properly, scrapping your systems and starting fresh with your backed-up data without having to pay off the criminals will help save you a lot of time, money and headaches.

However, what if the backups are also compromised? This leaves you with few options while you’re bleeding money and losing business since you can’t access your systems.

Do you give into the demands of the ransomware operators or begin the long process of rebuilding your core IT systems from scratch?

Authorities really don’t want you to pay

For the most part, law enforcement agencies try to discourage compromised organizations from paying a ransom because it incentivizes more ransomware operations and funds those malicious groups.

The FBI maintains that organizations should not pay a ransom because it doesn’t guarantee that you’ll get data back and it encourages more ransomware activities.

And, in a recent alert about the Colonial Pipeline ransomware attack, both the FBI and U.S. Cybersecurity and Infrastructure Agency discouraged the payment of ransomware.

“CISA and the FBI do not encourage paying a ransom to criminal actors,” the agencies said in a joint alert. “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”

The majority of these cyber attacks and ransomware operations are coming from U.S. adversaries like Russia, so these payments also pose a national security threat, agencies say.

Read Next: The White House Wants More Private Sector Focus On Ransomware

It’s a business decision

For most organizations, deciding whether or not to pay a ransom to cybercriminals comes down to a business decision.

Take for example the Colonial Pipeline case from last month in which the DarkSide ransomware group forced the provider of fuel to much of the East Coast offline to prevent the breach from infecting the pipeline system itself.

The company paid $4.4 million in Bitcoin to the hackers shortly after the system was locked.

With the pipeline offline, gas prices skyrocketed due to a shortage of fuel, prompting a state of emergency to be declared by President Joe Biden. In some areas of the southern U.S., gas stations were without fuel for several days.

The ransomware initially impacted the Colonial Pipeline’s billing system, which was ultimately costing the pipeline business due to inability to receive payments. In addition, there were some macroeconomic concerns on the horizon if the shutdown lasted much longer.

“So if you think about it, then it’s not just costing them money, but it’s costing multiple other companies and customers money as well,” says James Carder, chief security officer at LogRhythm. “And so there’s significant downstream ramifications of this. And so, I think all those combined is why they paid that large ransom.”

Indeed, the CEO of Colonial Pipeline Co. Joseph Blount told the Wall Street Journal that it was “the right thing to do for the country” to pay the ransom.

On the flipside, organizations should do a cost analysis of what it would take to rebuild their systems and accept losing revenue for a short period versus paying the ransom, says Danielle Parks, research analyst at Nucleus Research.

“Would it be worth $5 million to pay that ransom, or would it be worth it just scrapping that data and doing a different system?” Parks said.

You can’t trust a criminal

One of the reasons ransomware is proliferating the internet right now is because ransomware operators are changing their tactics and techniques from simply demanding a ransom to threatening to steal data and selling it on the dark web.

Now, organizations hit by ransomware have to assume that their data could be leaked, Katie Nickels, director of intelligence at Red Canary, said during the recent RSA Conference. Exfiltration and extortion is now the “new normal” of a ransomware attack.

This makes it more challenging to figure out how an organization should respond, Nickels said.

“There used to be an old way of thinking, ‘Hey, if I just pay an adversary, I get the decryption key and my data is back.’ Great. Well, except now if the adversary has your data, you don’t know if they’ve really destroyed it.”

In fact, there have been multiple cases in which an organization paid the ransom only to see the ransomware operator come back to further extort the victim with the undeleted data.

At the same conference, Health Mahalik, senior director of threat intelligence at Cellebrite, said IT security professionals can never again trust cybercriminals promising to destroy exfiltrated data.

“You have to realize that these are adversaries or criminals we’re talking about,” Mahalik said. “Don’t trust them because they don’t always do that they say they’ll do.”

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Cybersecurity, ransomware

Related Content:

  • VuWall Enhances Operational Efficiency for SIMOS Control Center
  • Sony Projector Firmware Sony’s Latest Firmware Update Supports 21:9 Ultra-Wide Aspect…
  • IT Businessman makes an addition to process to increase its effectiveness. Changes system parameters for high productivity. Integration of improvements, updates and upgrades Now’s The Time to Focus on IT Productivity
  • AI Automation burnout What is It About AI That Brings Excitement,…

Free downloadable guide you may like:

  • Creating Great User Experience and Ultimate Flexibility with Clickshare

    Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When designing the office spaces – and meeting spaces in particular – enabling that connection between co-workers is crucial. Introducing the right collaboration technology in meeting spaces is the biggest challenge for IT managers […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Advertise with Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSDO NOT SELL MY PERSONAL INFORMATIONTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.