Turns Out Paying the Ransom for Ransomware is a Bad Idea, After All

At this stage, you don’t need us to tell you that ransomware is bad. This threat has gone from being an emerging problem to one that is now sensationalized and commonplace in headlines and news stories around the world. According to a recent study, even organizations that do pay the ransom when they get infected by this threat are playing with fire.

A survey conducted by Censuswide surveying 1,263 security professionals found that paying the ransom following a ransomware attack could have significant consequences for businesses. Here are some of the results:

• 80% of organizations that paid their ransomware attackers the ransom experienced a second attack.
• Of these organizations, 46% believe that the same hackers were responsible.
• 46% of organizations that paid the ransom found that at least some of their data was corrupted.
• 51% of organizations did not experience data loss or corruption.
• 3% were not able to retrieve their data at all.

This study makes it very clear that you can never trust a hacker to do what they say they are going to do. Even if you pay up, there is no guarantee that you will get your data back. When you pay hackers in this regard, you are essentially doing two things. For one, you are providing funding for future ransomware attacks. Two, you are showing that the concept and business model of ransomware works, encouraging other cybercriminals to utilize these methods moving forward.

Granted, the situation is not that simple. Threats are always trying to one-up security experts, and one way that they do this is by using what is called a “double-extortion” method to not-so-gently nudge organizations toward paying up. If the victim does not pay up, the hackers release their data to the public, potentially subjecting them to fines or other strict data privacy regulations. The reason hackers do this is simple: most variants of ransomware can be circumvented through the use of data backup, so if they don’t have some other incentive to pay, they will just do that.

In the wake of these threats, we recommend that you take two simple steps: 1) Implement a data backup solution and 2) Implement powerful security measures, as well as training for your employees.

BSGtech can help your business implement any solutions needed to properly secure your organization from any and all threats out there. To learn more about how you can keep your business safe, reach out to us at (866) 546-1004.