Written by Zack Calloway

Ransomware: To Pay or Not to Pay?

Which ransomware payment option is best? (Hint: none)

We don’t like to think about it, but ransomware attacks are on the rise, and that means the chances that your business goes through one are on the rise, too.

At Blue Ridge Tech, we genuinely hope you never suffer a ransomware attack — and we can help you reduce your risk in all kinds of ways.

But if you do go through a ransomware attack, it pays to be prepared. That means understanding how these attacks work, what kinds of new tactics and innovations the scammers are using, and so on.

Most importantly, you need to have a ready answer to this fundamental question: should you pay up, or should you refuse to do so (and risk whatever consequences you’ve been threatened with)?

The Best Answer Is Avoiding the Question Entirely

Of course, the best answer is “none of the above.” If you can avoid getting into this situation, you should. That’s why robust cybersecurity tactics and cybersecurity awareness training are so important.

Why Businesses Are Tempted to Pay Up

It makes sense that businesses consider paying up: what’s a modern business without its data? Depending on what the bad guys locked up or stole, it can feel like business can’t go on. And depending on what industry you’re in, losing control of your customer data could carry hefty penalties. The loss of trust could feel like the end of your business as you know it.

If you’ve got the cash, it’s tempting to feel like paying up will just make everything go away. (That’s probably not actually true, though — more on that later.) And it’s definitely the fastest (at least, fastest-sounding) way to get back to business as usual.

Ransomware attackers are stepping up the pressure tactics, too: Now we’re seeing attacks with multiple payment options (kind of a “choose your payment and your penalty” situation), installment payments, ominous countdown timers, and worse. The pressure to pay gets amped up even further as the threatened outcomes of not paying ratchet ever higher.

Why You Shouldn’t Ever Pay Ransomware Demands

No matter how tempting it is to pay up, the average small to midsized business should never, ever do so. Here are a few of the reasons why.

1. Paying doesn’t guarantee anything whatsoever.

Look, you’re not exactly dealing with the nicest, most honest people here. What they’ve already done is illegal and malicious. So does it really make sense to trust them with buckets of cash (or cryptocurrency)?

What assurances do you have that they will restore access to your files when you pay up? Do you even know for sure if they have the technical capability to do so? And what if they keep a copy of everything anyway, waiting until months later when you’re not looking to sell it on the dark web?

So, sure, best-case scenario, you pay them, and they magically turn into honest, transactional businesspeople. But…how likely is that, really?

2. Paying encourages the grift.

Businesses that pay up reinforce the cycle, showing other bad guys that this tactic is one worth using. It’s kind of the old “never negotiate with terrorists” idea: the more you give the bad guys what they want, the more you encourage them to keep on with the bad behavior.

3. Paying could carry legal or liability issues.

These are bad folks you’re paying off, and they tend to be tied up in stuff you don’t want to be a part of. Paying them could put a mark on your company’s reputation, associating you with whatever bad stuff they’re involved in. And in some jurisdictions, paying off ransomware attackers is actually illegal.

Get Protected and Have a Plan

Our best advice for dealing with ransomware? Get protected by working with a partner that understands the threats. Then formulate a response plan: put in writing what you’ll do if a ransomware attack happens. That way, you’re not responding rashly in the moment of crisis.

Need help with your cybersecurity response or other IT needs? Give us a call!
