It’s a busy, productive Monday morning. You have a lot to tackle this week and briskly move from task to task. Suddenly, a window pops up on your screen rudely notifying you that the file you’re trying to open is encrypted and you will have to pay to restore your data. Your co-workers start murmuring and asking each other, “Hey, did you get this too?”
It turns out that someone clicked a malicious link which spread ransomware throughout the network and now the entire file server is locked. Your company never set up a proper backup solution, so everyone’s work is lost forever. Unless -- desperate times calling for desperate measures -- your company pays the ransom. Could getting all that data back be as easy as forking over a few Bitcoin?
By now we have all heard the advice to never pay a ransom. But, while not cheap, quietly paying off the attackers and getting back to work seems like a less painful alternative to losing countless hours of productivity and staying shut down for days, weeks, possibly forever. But can it really be that simple? What really happens when a company pays the ransom?
According to Sophos’ State of Ransomware 2021 report, nearly a third of organizations hit by ransomware in the last year paid the ransom in hopes of restoring their data. Unfortunately, ransomware attackers are not the most honest businesspeople, and most of these companies did not get what they paid for. A whopping 92% of companies that paid the ransom reported that they did NOT get all of their data back. On average, companies were able to restore 65% of their data after paying the ransom, while over a third of their data remained encrypted and unusable. Only 8% of companies said they were able to get all of their data back.
Companies that choose to pay a ransom are taking a huge gamble. Statistics show that paying a ransom does not guarantee favorable results. On the contrary, the probability of “quietly paying off the attackers and getting back to work” is extremely low. It’s more likely that after paying a ransom, these companies will still have inaccessible files, will still be unable to work, and, on top of that, will be out thousands of dollars (per Sophos, the average ransom paid was $170,404).
Further, once a ransom is paid and data is “successfully” restored, it can be difficult to tell whether the files are actually clean. Attackers may give the illusion that they have fully decrypted all files but leave behind malware that can lie dormant until they are ready to launch another attack.
Speaking of which, companies that have paid a ransom are marked as an easy target for further attacks: 80% of companies that previously paid a ransom admitted that they were exposed to additional, repeated attacks.
On top of the monetary hit, companies that pay a ransom can suffer reputational damage and loss of customer trust.
Finally, paying the ransom funds cybercrime and encourages further attacks. The fact that ransomware has become so lucrative in the last several years has attracted more and more cybercriminals eager to make easy money.
AllSafe IT recommends the following best practices:
AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies in many different sectors. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of your business.