• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Compliance, IT Infrastructure, Network Security, News

To Pay Ransomware Or Not

When you're hit with ransomware, there are several things to consider before you shell out millions in cryptocurrency to a criminal organization.

June 15, 2021 Zachary Comeau Leave a Comment

Ransom payments
vchalup/ stock.adobe.com

You invested in strong endpoint detection, conducted robust training on spotting a phishing attempt and conduct a thorough patch management program, but it happens away: your organization is locked out of its systems until you pay a hefty ransom of Bitcoin to an unknown cybercriminal.

Now what do you do?

If your backups were stored properly, scrapping your systems and starting fresh with your backed-up data without having to pay off the criminals will help save you a lot of time, money and headaches.

However, what if the backups are also compromised? This leaves you with few options while you’re bleeding money and losing business since you can’t access your systems.

Do you give into the demands of the ransomware operators or begin the long process of rebuilding your core IT systems from scratch?

Authorities really don’t want you to pay

For the most part, law enforcement agencies try to discourage compromised organizations from paying a ransom because it incentivizes more ransomware operations and funds those malicious groups.

The FBI maintains that organizations should not pay a ransom because it doesn’t guarantee that you’ll get data back and it encourages more ransomware activities.

And, in a recent alert about the Colonial Pipeline ransomware attack, both the FBI and U.S. Cybersecurity and Infrastructure Agency discouraged the payment of ransomware.

“CISA and the FBI do not encourage paying a ransom to criminal actors,” the agencies said in a joint alert. “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”

The majority of these cyber attacks and ransomware operations are coming from U.S. adversaries like Russia, so these payments also pose a national security threat, agencies say.

Read Next: The White House Wants More Private Sector Focus On Ransomware

It’s a business decision

For most organizations, deciding whether or not to pay a ransom to cybercriminals comes down to a business decision.

Take for example the Colonial Pipeline case from last month in which the DarkSide ransomware group forced the provider of fuel to much of the East Coast offline to prevent the breach from infecting the pipeline system itself.

The company paid $4.4 million in Bitcoin to the hackers shortly after the system was locked.

With the pipeline offline, gas prices skyrocketed due to a shortage of fuel, prompting a state of emergency to be declared by President Joe Biden. In some areas of the southern U.S., gas stations were without fuel for several days.

The ransomware initially impacted the Colonial Pipeline’s billing system, which was ultimately costing the pipeline business due to inability to receive payments. In addition, there were some macroeconomic concerns on the horizon if the shutdown lasted much longer.

“So if you think about it, then it’s not just costing them money, but it’s costing multiple other companies and customers money as well,” says James Carder, chief security officer at LogRhythm. “And so there’s significant downstream ramifications of this. And so, I think all those combined is why they paid that large ransom.”

Indeed, the CEO of Colonial Pipeline Co. Joseph Blount told the Wall Street Journal that it was “the right thing to do for the country” to pay the ransom.

On the flipside, organizations should do a cost analysis of what it would take to rebuild their systems and accept losing revenue for a short period versus paying the ransom, says Danielle Parks, research analyst at Nucleus Research.

“Would it be worth $5 million to pay that ransom, or would it be worth it just scrapping that data and doing a different system?” Parks said.

You can’t trust a criminal

One of the reasons ransomware is proliferating the internet right now is because ransomware operators are changing their tactics and techniques from simply demanding a ransom to threatening to steal data and selling it on the dark web.

Now, organizations hit by ransomware have to assume that their data could be leaked, Katie Nickels, director of intelligence at Red Canary, said during the recent RSA Conference. Exfiltration and extortion is now the “new normal” of a ransomware attack.

This makes it more challenging to figure out how an organization should respond, Nickels said.

“There used to be an old way of thinking, ‘Hey, if I just pay an adversary, I get the decryption key and my data is back.’ Great. Well, except now if the adversary has your data, you don’t know if they’ve really destroyed it.”

In fact, there have been multiple cases in which an organization paid the ransom only to see the ransomware operator come back to further extort the victim with the undeleted data.

At the same conference, Health Mahalik, senior director of threat intelligence at Cellebrite, said IT security professionals can never again trust cybercriminals promising to destroy exfiltrated data.

“You have to realize that these are adversaries or criminals we’re talking about,” Mahalik said. “Don’t trust them because they don’t always do that they say they’ll do.”

Tagged With: Cybersecurity, ransomware

Related Content:

  • Microsoft Loop IT What You Need to Know About Microsoft Loop
  • YAMAHA UC ADECIA Yealink Yamaha UC Partners With Yealink for Audio &…
  • Microsoft, ChatGPT, GPT-4, GPT-3.5 What’s New With ChatGPT and Generative AI This…
  • CISA Ransomware CISA Wants You To Report Anything You Know…

Free downloadable guide you may like:

  • Four IT Trends That Will Define 2023Expert Series: Four IT Trends That Will Define 2023

    Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations emerging from each.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Four IT Trends That Will Define 2023
Expert Series: Four IT Trends That Will Define 2023

Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations ...

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.