Ransomware: would you pay the ransom amount or not?

We have previously stressed why businesses must pay more attention to their cybersecurity to ward off the menacing and continuously rising threat of ransomware.

But what happens when an organisation, regardless of size and scope, does get infected by ransomware and all avenues of damage limitation, threat resolution, operational resumption, and data recovery have been exhausted?

The last remaining question at this point is whether you should pay the ransom amount or not. This is far from a straightforward dilemma to resolve and is an issue that is hotly contested both by industry experts as well as governmental organisations.

Ransomware payouts on the increase

Some of the biggest ransomware payouts of all time have made their way to malicious entities in recent years, and the trend suggests that they will only go up as attacks become more sophisticated and victimised organisations become larger in size and value.

In June of 2020, the University of California at San Francisco paid $1.14 million in ransom through a Bitcoin transfer to hackers. The university had actually managed to negotiate the amount after the hackers demanded an initial $3 million.

While cybersecurity work did indeed take place in the background during negotiations to ring-fence uninfected parts of the network, the servers of the university’s school of medicine were fully encrypted by the hackers, and the data was only retrieved after the ransom had been paid.

Earlier this year, the second biggest payout in history, at least from those confirmed and made public, was paid by the Colonial Pipeline after its digital infrastructure was attacked by a hacker group called DarkSide.

The group managed to infect the fuel company’s business network, including one of its most crucial components, the billing system. Colonial Pipeline ended up paying a whopping $4.4 million to DarkSide, but only after having to completely shut down its operational technology network to stop the ransomware from spreading even further.

The view of government agencies

Governmental bodies, organisations and law-enforcement agencies are staunchly against the notion of paying hacker groups and other malicious entities any money after an attack has taken place.

The FBI notes that paying the ransom does not equate to the full retrieval of your data nor the full restoration of your network’s operational capabilities. “Paying a ransom doesn’t guarantee you or your organization will get any data back,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the agency adds.

In Europe, the European Union Agency for Law Enforcement Cooperation (Europol) is equally opposed to the idea of paying the ransom amount. “Don’t pay the ransom, you will be financing criminals and encouraging them to continue their illegal activities,” the organisation says.

Moreover, Europol also encourages people to visit No More Ransom, an initiative composed of a number of organisations and companies to help prevent and stop cybercrime. The participants include the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee.

Should the option of paying the ransom be illegal?

While law-enforcement agencies and other similar organisations all agree that victims should refrain from giving in to the attackers’ demands, paying remains a legal option for the victim. However, there is a growing wave of support for making it illegal.

The Ransomware Task Force (RTF), a coalition between the Institute for Security and Technology and a large number of partners and experts from both the private and public sectors, is advocating for the criminalisation of ransom payments at an international level.

“Since ransomware is a profit-motivated crime, this would hopefully discourage the crime altogether. And no-one would be faced with funding organised crime. The problem is, we don’t live in an ideal world,” Rapid7’s public affairs vice-president Jen Ellis told the BBC recently.

“In the world we do live in, banning payments would almost certainly result in a pretty horrific game of ‘chicken’, whereby criminals would shift all their focus towards organisations which are least likely to be able to deal with downtime – for example hospitals, water-treatment plants, energy providers, and schools. The hackers may expect the harm to society caused by this downtime to apply the necessary pressure to ensure they get paid. They have very little to lose by doing this – and potentially a big payday to gain,” Ellis added.

This view was shared by Cyber Threat Alliance president and chief executive Michael Daniel, who in the same interview explained that profit is the main motivating factor for these malicious entities and that removing that profit could play a crucial role in reducing the number of attacks.

“Ransomware attacks are primarily motivated by profit and without profit, attackers will shift away from this tactic. Further, ransom profits are used to fund other, even more dangerous crime, such as human trafficking, child exploitation, and terrorism,” Daniel told the BBC.

“No organisation wants to pay a ransom. Instead, they feel they have no choice, whether it’s due to the threat of insolvency, reputational damage stemming from service interruptions, or the potential for loss of life or wide-scale economic disruption. Indeed, from a purely short-term, organisational viewpoint, paying a ransom is often an economically rational decision,” Daniel added.

How Boltonshield can help

BoltonShield can provide your company with endpoint security solutions, securing endpoint devices such as company laptops and preventing them from being infected by malicious parties.

BoltonShield’s endpoint security solutions allow us to detect, analyse, and respond to cybersecurity incidents on all devices regardless of the network they are currently connected to, enabling you to safeguard employee devices even when they are being used remotely.

Machine-learning technology makes it possible for us to detect new threats in real time and map them in a way that gives total visibility of the network. This increases our ability to quickly diagnose potential problems and act accordingly.

You can contact us to find out exactly how BoltonShield can help you by clicking here.

If you want to be kept up to date on our recent publications about cybersecurity-related topics, subscribe to our newsletter.
