Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
What it takes to convince leadership that migrating to the cloud is the right move.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Dataprise
Table of content
Ransomware is now identified as a national security risk and companies are paying up – meatpacker JBS says it paid hackers $11 million to resolve its recent ransomware attack. Worst yet, double extortion ransomware attacks are becoming a more common scare tactic used by hackers. This drives the question – should companies pay ransomware?
This drives the question – to pay or not to pay ransomware? The truth is there’s no easy answer, especially when a new study shows that “80% of organizations that paid the ransom were hit by a second attack, and almost half were hit by the same threat group.”
To help determine your ransomware action plan, you must understand how attackers are leveraging a new tactic, Double Extortion. For thoughts on building a ransomware action plan from our resident expert Stephen Jones, see our How to Survive a Ransomware Attack Webinar. In this day and age, ransomware protection is vital for most businesses.
Double extortion is when a hacker both steals a copy of your data, and either deletes or encrypts the local copy. The criminal asks the business or individual to pay to unlock the local copy and then pay again to ensure that the stolen information is not leaked, dumped, or shared.
The most obvious advantage of paying the ransom is that it’s possible the hacker will do what they’ve promised. You may get access to your data relatively quickly, allowing you to rebuild your network without having to start from scratch. This option may ultimately be more affordable than having to go back to the drawing board.
Paying the ransom may also appease the criminal, which can be a valuable thing if they already have a foothold in your environment. If you refuse to pay, the hacker may choose to wreak havoc with your business or data in more ways than one. Sometimes these methods work, but should companies pay ransomware? There are plenty of reasons not to.
If you pay the ransom, you are essentially putting your trust in a known thief. It explains why the statistics for getting your information back are not encouraging by any stretch. Many criminals will simply pocket the money and cut contact entirely. They might even go onto sabotage your network even after receiving the payment.
Those who pay also mark themselves as someone who is willing to pay, which can make them a bigger target down the road. Larger criminal organizations are known to sell information about their payouts to smaller criminals who are even less likely to play by the rules. Businesses and individuals who pay the ransom are also supporting a criminal organization, making the thieves far more likely to continue stealing from other people.
In addition, the quality of your returned information is not always worthwhile. The Colonial Pipeline team may have paid the ransom, but the decryption tool they received in return was so slow and clunky that they needed to rebuild their network from scratch anyway. Once your information is returned, it’s going to take quite some time to organize, verify, and catalog it all, making initial ransomware protection that much more valuable.
Deciding should companies pay ransomware after an attack is a gamble on either side of the equation. You may save plenty of money if you choose not to pay, but the eventual costs for your business to rebuild or the costs of a malicious Easter egg or two can be catastrophic for a company. It’s ultimately a difficult decision, one that should be made based on everything from the individual hacker involved to the number of hours needed to recover your network.
Dataprise Managed Cybersecurity and ransomware action plans provide the real-time detection, validation, reporting, and response capabilities needed to protect an organization’s IT environment from end-to-end. We expertly combine world class MDR with an elite team of security analysts and a complete cybersecurity program to increase visibility, shut down bad actors quickly and dramatically improve your security posture.
Now that you know the answers to questions about should companies pay ransomware, learn more about other cyber security topics and ransomware protection. For help creating your ransomware action plan, check out these articles and our Cyber Guidebook, developed by experts in managed detection and response.
5 Dos and Don’ts if You’ve Been Hit with Ransomware
The 10 Weakest Links in Cybersecurity
The Three Critical Elements of Cybersecurity Visibility
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.