Why Paying a Ransomware Demand Doesn’t Guarantee a Swift Return to Business

There have been a lot of high-profile breaches in the news lately.  McDonald’s, Colonial Pipeline and JBS Meats are just three examples of some big companies that have had to deal with ransomware.  It was reported that both JBS and Colonial had paid off the hackers to get their data back and return to business, but is this really the best approach? 

A recent study by Cybereason, Ransomware: The True Cost to Business, has found that this is not the best approach for most businesses.  The study, conducted by Censuswide, 1,263 security professionals in seven markets worldwide, including Singapore, Germany, France, the US, and the UK. The results found that 80% of those who paid the ransom were hit by ransomware a second time.  Of those organizations, 46% believed the subsequent ransomware attack was caused by the same hackers.

Worse still, those that had paid to regain access to their systems, 46% said at least some of their data was corrupted, 3% said they did not regain access to any encrypted data. Cybereason CEO, Lior Div, told Infosecurity Magazine his thoughts on ransomware: “Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks.”

So, what should you do? Div recommends “Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business.”  Most cyber security firms recommend a data protection strategy to prevent ransomware.  Having a data recovery strategy, like off-site and off-line backups will also lessen the need to pay a ransom.  If you need help developing a protection and recovery strategy, or dealing with a ransomware demand, contact Uzado.