Call Today (888) 400-2748

What Happens When You Pay the Ransom?

Call Today (888) 400-2748

It’s a busy, productive Monday morning. You have a lot to tackle this week and briskly move from task to task. Suddenly, a window pops up on your screen rudely notifying you that the file you’re trying to open is encrypted and you will have to pay to restore your data. Your co-workers start murmuring and asking each other, “Hey, did you get this too?”

It turns out that someone clicked a malicious link which spread ransomware throughout the network and now the entire file server is locked. Your company never set up a proper backup solution, so everyone’s work is lost forever. Unless -- desperate times calling for desperate measures -- your company pays the ransom. Could getting all that data back be as easy as forking over a few Bitcoin?

By now we have all heard the advice to never pay a ransom. But, while not cheap, quietly paying off the attackers and getting back to work seems like a less painful alternative to losing countless hours of productivity and staying shut down for days, weeks, possibly forever. But can it really be that simple? What really happens when a company pays the ransom?

According to Sophos’ State of Ransomware 2021 report, nearly a third of organizations hit by ransomware in the last year paid the ransom in hopes of restoring their data. Unfortunately, ransomware attackers are not the most honest businesspeople and most of these companies did not get what they paid for. A whopping 92% of companies that paid ransom reported that they did NOT get all of their data back. On average, companies were able to restore 65% of their data after paying ransom, but over a third of their data was still encrypted and not usable. Only 8% of companies said they were able to get all of their data back.

Only 8% of companies got their data back after paying ransomware demands.

Why you shouldn’t pay the ransom

Companies that choose to pay a ransom are taking a huge gamble. Statistics show that paying a ransom does not guarantee favorable results. On the contrary, the probability of “quietly paying off the attackers and getting back to work” is extremely low. It’s more likely that after paying a ransom, these companies will still have inaccessible files, will still be unable to work, and top of that, will be out thousands of dollars (per Sophos, the average ransom paid was $170,404).

Further, once a ransom is paid and data is “successfully” restored, it can be difficult to tell whether the files are actually clean. Attackers may give the illusion that they have fully decrypted all files, but leave behind malware that can lay dormant until ready to launch another attack.

Speaking of which, companies that have paid a ransom are marked as an easy target for further attacks. 80% of companies that previously paid ransom admitted that they were exposed to additional, repeated attacks.

On top of the monetary hit, companies that pay ransom can suffer from reputational damage and loss of customer trust.

Finally, paying the ransom funds cybercrime and encourages further attacks. The fact that ransomware has become so lucrative in the last several years has attracted more and more cybercriminals eager to make easy money.

What can your company do to prevent an attack?

AllSafe IT recommends the following best practices:

  • Deploy a multi-layered stack of security solutions like AllSafe IT’s Safe Total, which includes endpoint protection, advanced email security, multi-factor authentication, security awareness training and compromised credential monitoring.
  • Implement Backup and Disaster Recovery (BDR). Restoring from backup is the easiest, cheapest and most reliable way to restore data after an attack.
  • Assume you will be hit. We only hear about huge corporations in the headlines, but organizations of all sizes are targeted. Do everything you can to avoid an attack, but also be prepared for the worst.
  • Have a malware recovery plan. Speaking of preparing for the worst, make sure you have an incident response plan in place. This will enable your IT team to quickly mobilize when a ransomware attack starts and may even be able to stop an attack before data can be encrypted.
  • Don’t pay the ransom. Organizations that pay ransom only have an 8% chance of getting all their data back. This is a very poor return on investment indeed

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies in many different sectors. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of your business.

Bones Ijeoma

Author since Dec 12, 2021
Bones Ijeoma is CEO and co-founder of AllSafe IT, and his mission is to make downtime obsolete. Bones received a BS in Computer Engineering from Cal State Long Beach and received an MBA in Entrepreneurship from USC Marshall School of Business. After finishing school and working for companies such as Marriott Hospitality, Dreamworks, and UCLA Medical Center, Bones realized there was a need for small businesses to have access to the same technology solutions that large corporations leverage.

Bones Ijeoma

Author since Dec 12, 2021
Bones Ijeoma is CEO and co-founder of AllSafe IT, and his mission is to make downtime obsolete. Bones received a BS in Computer Engineering from Cal State Long Beach and received an MBA in Entrepreneurship from USC Marshall School of Business. After finishing school and working for companies such as Marriott Hospitality, Dreamworks, and UCLA Medical Center, Bones realized there was a need for small businesses to have access to the same technology solutions that large corporations leverage.
phone-handsetcrosschevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram