Ransomware: Don't Pay Ransom; Your Data Is Not Coming Back
Feb 01, 2022
Ransomware can cost organizations around the globe about $20 billion by 2021. That’s more than the GDP of countries like Afghanistan and Georgia. The unprecedented growth of ransomware isn’t just financially depressing; it’s an indication of how rapidly cybercrime is growing across the world, apparently outpacing government-induced cybersecurity measures.
Ransomware: To Pay Or Not To Pay?
No. If your business is the next unfortunate victim of ransomware, and your first impulse is to pay and get your valuable data back, the optimal response is not to pay. We would love to tell you that it’s because some 007-like agent (with the license to "neutralize" threats) will take care of it in the shadows, but that's not the reason.
You are advised not to pay because you’d be losing money on two fronts: business disruption and the ransom itself. If you have alternatives to recover your data (backups) and your data can’t be used to damage your business (like confidential patient data getting leaked), a simple cost-benefit analysis can indicate whether paying the ransom is worth it or not.
According to Sophos’ ransomware report for 2020, about 26% of the companies that received ransomware paid the ransom, and a whopping 95% of them got their data back. And while this does fly in the face of our topic, there are still 5% of businesses that lost both their data and their money.
It’s only logical that hackers who use ransomware try to develop a “reputation” for releasing the data once the ransom is paid. If they don’t, then the percentage of people willing to pay the ransom would drop precipitously.
You won’t have to worry about making the tough call on “to pay or not to pay” if you are properly protected against ransomware in the first place. Since data has surpassed oil to become the most valuable commodity globally, the protection of your business data should be a primary cyber security goal for you. To find the best cybersecurity solution against ransomware, Microminder cyber security suggests that businesses perform an initial penetration test to understand the security posture of their IT environment and then apply the remediation advice appropriately. Combating ransomware is no different from combating unknown threats. An initial Healthcheck on the infrastructure provides ample visibility into the estate and the right direction to approach all external threats.