Should Businesses Pay Ransomware Demands?

Ransomware has become one of the highest quality weapons a criminal has at his or her disposal when it comes to cybercrime. Hacking techniques that were borne of mischief or political statements now are used by entire organized criminal organizations operating primarily in the online space.

But how to monetize it? Well, that’s where ransomware comes in. And the less you do as an IT decision-maker for your business or organization, the happier those criminals are: their target is softer.

While we’ve covered this many times through various blogs, the general concept for a ransomware attack in a cybersecurity context primarily involves a target, a vector, and an encryption. These concepts are simple on their face. A target is the person or organization at who or which the attack is aimed. A vector is the method or methods by which an attacker gains access to a system. The encryption is a method to lock data in a way that requires a key to unlock it.

The name “ransomware” is derived from its purpose: to encrypt important data that requires a key—to be sold—to recover that data.

In this article, we will examine what to do if your business or organization is hacked as well as how to defend your business against such attacks.

What you should do if you’re hacked

Many businesses and organizations each year find themselves in a tough spot: they’ve discovered a data breach, whether internally or via communications demanding payment. So…what next?

Each ransomware situation is very different—not only in attack types but also in implications due to a business or organization’s industry or professional area—and thus the attack can have varying ramifications. The first things to almost always do are to:

Contact an IT security team to see if further damage may be mitigated, what damage has already been done, and ensure any remaining access methods for the hackers (often called backdoors or footholds) are closed and secured. Certified CIO can help in this area.
Contact your attorneys and let them know you’ve had an IT security incident. Your attorneys will recommend how to communicate the security breach to other parties. Each industry is very different in this respect, and mistakes here can lead to differing levels of litigation—a.k.a. more time and money cost.
Contact your Cyberinsurance provider, if your business or organization has one, so that they may be involved in next steps

Should you pay the ransom?

The easy and correct answer is no. Ransomware is illegal and peddled by criminal organizations. In fact, even participating in the exchange of the ransom demand may be an illegal act that funds terrorism groups. The money will go to an organization that participates in crime and will use it to boost their ability to commit further crimes. However, we acknowledge that the answer is much more difficult when the cost of recovery is more (and sometimes far more) than the ransomware demand. Some business and organizational decision-makers may see a binary choice—pay the ransom or fold.

This decision will be individual and should be discussed with the IT security firm and legal team prior to being made. However, some considerations should be taken. While most criminal organizations do indeed release the encryption key, there are no guarantees that it will indeed work and decrypt the data. Additionally, it may decrypt incompletely or at such a slow pace that restoration becomes a viable financial choice again (as happened with Colonial Pipelines).

How to avoid Ransomware altogether

While many aspects of an IT system’s security may fail and become the attack vector, one of the most difficult targets to harden is the human element. In this, at Certified CIO we adopt a “trust but verify” approach.

The trust portion is earned through training. We utilize traditional, episodic phishing training as well as have random emails sent to each staff members inboxes. These random emails appear to be phishing, but instead record clicks on would-be dangerous links. These emails are designed by both our in-house security personnel and the phishing experts at KnowBe4. (Get your free KnowBe4 Test HERE!)

The verify portion of our human security involves Cisco’s Duo MFA products. This requires an additional verification (essentially, “Are you trying to login?”) after sensitive data areas are entered, to include accessing one’s computer after logging out during the day or the previous day.

Outside the human factor, it is important to maintain regular and tested backup solutions. After all, ransomware won’t be a major problem if you can restore a recent backup.

(Side note: please do not use “I have backups” as an excuse to NOT call your legal team and an IT security team in the event of a security incident. The security holes that existed and allowed the attack to take place will also be restored…and for the next attack the bad guys will know they need an additional step to extort your money.)

Backup solutions come in many flavors but are only as good as the provider’s ability to deliver a backup if needed as well as the frequency by which the backups are taken. We have recently made the decision to change one of our offerings to our customers after testing and deciding that a former provider was no longer meeting our standards for delivery. (When was the last time your business checked on the status of backups?)

Overall, there still can be immense holes in your IT architecture if not kept up to date with industry standard protection. This requires a knowledgeable IT staff. If your business or organization is too small or simply would like to outsource IT…it’s what Certified CIO does. GET IN TOUCH WITH US!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Should Businesses Pay Ransomware Demands?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666