{"id":19193,"date":"2022-05-31T06:40:03","date_gmt":"2022-05-31T14:40:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/05\/31\/news-12926\/"},"modified":"2022-05-31T06:40:03","modified_gmt":"2022-05-31T14:40:03","slug":"news-12926","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/05\/31\/news-12926\/","title":{"rendered":"Paying Ransomware? Should You Really Pay Ransom Settlements?"},"content":{"rendered":"<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12\">\n<div class=\"raw-import aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"text-container\"><\/div>\n<\/p><\/div>\n<div class=\"cmp cmp-text aem-GridColumn aem-GridColumn--default--12\">\n<p>Ransomware is one of the top threats facing organizations and individuals today. In fact, according to a recent survey, <a href=\"https:\/\/www.fortinet.com\/blog\/business-and-technology\/new-fortinet-ransomware-survey-shows-many-organizations-unprepared?utm_source=blog&amp;utm_campaign=ransomware-survey\">85% of organizations<\/a> are more worried about a ransomware attack than any other cyber threat. By simply clicking a link or downloading a malicious file, anyone can unwittingly initiate a ransomware attack. And while a victim may often feel desperate and want to pay the ransom or a <a href=\"https:\/\/www.fortinet.com\/blog\/industry-trends\/qa-ransomware-settlements-and-cyber-insurance?utm_source=blog&amp;utm_medium=blog&amp;utm_campaign=settlement\">ransomware settlement<\/a> to regain access to critical data, it is a decision that should be considered very carefully.<\/p>\n<p>Just as childhood bullies steal a bookbag and demand lunch money to get it back, cybercriminals do the same thing to organizations after successfully deploying ransomware and taking sensitive data hostage by encrypting it. Unfortunately, in many cases they do more than just demand ransom.<\/p>\n<p>Obviously, the stakes are higher for an organization that\u2019s attacked.
An organization\u2019s survival may depend on getting the encryption key from the cybercriminals to decrypt and get back their stolen data. But the dilemmas seem surprisingly similar for both sets of victims.<\/p>\n<h2>Should You Pay Ransomware Attackers?<\/h2>\n<p>The question of whether you should pay the ransom in either case comes with the fear that you won\u2019t get your bookbag back or the encryption key after paying. It is hard to put any faith in the goodwill of bullies or cybercriminals. Instead of returning your stuff (information) that you likely want to keep private, they could simply empty your \u201cbookbag\u201d and all its contents, including sensitive data, on the internet for all to access and use.<\/p>\n<p>Or they could give your data to another bully or criminal to do what they will with it. In this instance, paying doesn\u2019t solve your problem, and makes you considerably poorer. In other words, paying ransomware could mean your organization has no \u201cbookbag\u201d and no \u201cmoney for lunch,\u201d and perhaps, worst of all, you now have a reputation as an easy mark and a \u201cpayer\u201d that can be easily and frequently bullied.<\/p>\n<h2>The Problems Paying Ransomware Creates<\/h2>\n<p>An organization doesn\u2019t want to have a reputation as a \u201cpayer\u201d in the cybercriminal underworld, because that could be the equivalent of painting a target on the company\u2019s back.<\/p>\n<p>While I appreciate that some organizations may have no option but to pay ransomware attackers, I recommend not doing so unless you absolutely must take the risk because if you don\u2019t your business is guaranteed to fail. In addition to becoming a repeat victim, paying ransomware emboldens the bad guys and funds more of their future attacks on you and others.<\/p>\n<h2>Is Paying Ransomware Illegal?<\/h2>\n<p>Victims of ransomware attacks who feel compelled to pay cybercriminals often wonder if it is illegal to do so.
There is no law against paying ransom when an organization\u2019s data and\/or systems are taken hostage. However, U.S. government authorities and those of us in the cybersecurity industry strongly discourage paying cyber ransoms or succumbing to extortion demands.<\/p>\n<p>Victims of ransomware are warned against paying <a href=\"https:\/\/www.fortinet.com\/blog\/ciso-collective\/cybercriminals-seek-ransomware-payments-and-settlements?utm_source=blog&amp;utm_campaign=ransomware-settlements\">ransom settlements<\/a> by such organizations as CISA, NCSC, the\u00a0<a href=\"https:\/\/www.fbi.gov\/scams-and-safety\/common-scams-and-crimes\/ransomware\" title=\"https:\/\/www.fbi.gov\/scams-and-safety\/common-scams-and-crimes\/ransomware\" target=\"_blank\">FBI<\/a>,\u00a0and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and\/or fund illicit activities which could potentially be illegal according to a\u00a0<a href=\"https:\/\/home.treasury.gov\/system\/files\/126\/ofac_ransomware_advisory_10012020_1.pdf\" title=\"https:\/\/home.treasury.gov\/system\/files\/126\/ofac_ransomware_advisory_10012020_1.pdf\" target=\"_blank\">U.S. Department of Treasury\u2019s Office of Foreign Assets Control (OFAC)<\/a>\u00a0advisory.<\/p>\n<h2>Can Law Enforcement Help?<\/h2>\n<p>Unfortunately, legal authorities\u00a0sometimes have massive workloads and their own\u00a0priorities,\u00a0which means their resources may not be assigned in the manner your organization needs. Mission goals may also not entirely align: law enforcement might be\u00a0prioritizing an investigation while your organization\u00a0prioritizes a return to business processes and tasks.
Regardless, law\u00a0enforcement can be a great asset, but it should be part of your organization\u2019s incident response plan, not a substitute for one, and that plan should be one your\u00a0executive leaders, IT and InfoSec staff, and legal, among others, have considered.\u00a0<\/p>\n<p>Looking for help after an attack is a key problem and the definition of \u201creactive.\u201d You never want to get to the point where you must pay the ransom. The way to avoid ransomware attacks is having a good defense.<\/p>\n<h2>How to Prevent Ransomware Attacks<\/h2>\n<p>The best practice for organizations and individuals to protect themselves from ransomware attacks is to incorporate <a href=\"https:\/\/www.fortinet.com\/resources\/cyberglossary\/how-to-prevent-ransomware?utm_source=blog&amp;utm_campaign=ransomware-prevention\">these actions<\/a> into your cyber defense posture:<\/p>\n<ul>\n<li><a href=\"https:\/\/training.fortinet.com\/?utm_source=blog&amp;utm_campaign=nse-institute\">Take cybersecurity training<\/a> seriously and encourage employees to do so as well<\/li>\n<li>Avoid clicking on suspicious links, practice good cyber awareness<\/li>\n<li>Download only from trusted sources<\/li>\n<li><a href=\"https:\/\/www.fortinet.com\/solutions\/small-business\/stop-ransomware-phishing?utm_source=blog&amp;utm_campaign=ransomware-phishing\">Scan emails for malware<\/a><\/li>\n<li>Employ firewalls and endpoint security products that are integrated with actionable threat intelligence<\/li>\n<li>Back up important data<\/li>\n<li><a href=\"https:\/\/www.fortinet.com\/resources\/cyberglossary\/vpn-wifi?utm_source=blog&amp;utm_campaign=vpn-wifi\">Use a VPN when on public Wi-Fi<\/a><\/li>\n<li>Have an incident response plan in place<\/li>\n<\/ul>\n<p><i>You can <\/i><a href=\"https:\/\/www.fortinet.com\/blog\/business-and-technology\/new-fortinet-ransomware-survey-shows-many-organizations-unprepared?utm_source=blog&amp;utm_campaign=ransomware-survey\"><i>read more<\/i><\/a><i>
details about proactive strategies for protecting against ransomware online.<\/i><\/p>\n<h2>What to Do If You Are the Victim of a Ransomware Attack<\/h2>\n<p>Organizations can limit the ransomware\u2019s impact by taking quick action. The first step you must take is to isolate the ransomware. This can prevent horizontal attacks, where the ransomware spreads from one device to another via network connections.<\/p>\n<p>To isolate the ransomware, you must shut down the infected system. Then disconnect anything that links the infected machine to the network or other devices on the network. By &quot;pulling the plug&quot; on the system, you can stop the further spread of the ransomware.\u00a0This is when prior implementation of\u00a0<a href=\"https:\/\/www.fortinet.com\/blog\/industry-trends\/why-network-segmentation-matters?utm_source=blog&amp;utm_campaign=network-segmentation\">segmentation<\/a>\u00a0is really helpful, making this process a lot easier and more effective.<\/p>\n<p>Next, you need to figure out what type of malware has infected your system with ransomware. It\u2019s typically not just a ransomware attack. Ransomware is usually the last part of a bigger attack. Understanding what kind of malware is involved can help the security incident response team craft a solution or, in some cases, use a decryption key that is already available for certain malware.<\/p>\n<h2>Data Recovery<\/h2>\n<p>To successfully recover data, your organization needs to have had a data recovery program set up prior to an attack. If backups are scheduled for several times a day, a ransomware attack might only cost your organization a few hours.<\/p>\n<p>It doesn\u2019t matter whether you use cloud services or on-premises hardware to make copies of your data.
You just need to be able to access the backup files from an unaffected device.\u00a0<\/p>\n<p><i>Learn more about Fortinet\u2019s <a href=\"https:\/\/www.fortinet.com\/fortiguard\/labs?utm_source=blog&amp;utm_campaign=fortiguard-labs\">FortiGuard Labs<\/a> threat research and intelligence organization and the FortiGuard Security Subscriptions and Services <a href=\"https:\/\/www.fortinet.com\/fortiguard\/labs?tab=security-bundles&amp;utm_source=blog&amp;utm_campaign=security-bundles\">portfolio<\/a>.<\/i><\/p>\n<p><i>Read more on threat research and protection from the FortiGuard Labs team: &#8211; <a href=\"https:\/\/www.fortinet.com\/blog\/tags-search?tag=fortiguard-labs-perspectives\">FortiGuard Labs Perspectives<\/a><\/i><\/p>\n<\/p><\/div>\n<div class=\"raw-import aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"text-container\">\n<div id=\"om-b2dxtopzidsdt3fkzfsv-holder\"><\/div>\n<\/div><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/www.fortinet.com\/blog\/industry-trends\/paying-ransomware\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/fortinet\/blog\/threat-research<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware is one of the top threats facing organizations and individuals today. While often organizations may feel compelled to pay ransom settlements, it is a decision that should be considered very carefully. 
Read more.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10424,10378],"tags":[],"class_list":["post-19193","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19193"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19193\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19193"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}