Are Ransomware Payments Ever a Good Idea?

Cybercriminals are fueling near continuous news coverage of governments, universities, healthcare systems, and businesses brought to a screeching halt by ransomware. Caught unprepared, these organizations are then forced into an uncomfortable cost-benefit analysis: Cough up the ransomware payment or endure the damaging impacts of downtime and data loss.

It’s not always an easy choice.

But it is an important conversation.

As painful as this is, engaging in this dialogue now can ensure you’re prepared to respond in the face of a ransomware infection or—better yet—avoid it altogether.

Because, if you ask us, no one should ever feel compelled to cave to a criminal’s demands. And, with a solid backup and recovery strategy in place, you don’t have to. (More on that later.)

Should you pay the ransom?

The FBI’s position is that no person or organization should ever pay the ransom; those payments simply embolden cybercriminals to escalate their attacks.

However, caught flat-footed, the resulting data loss and downtime could threaten the sustainability of an organization. It could mean lost jobs, financial impacts for customers, and even threaten lives in the case of healthcare systems.

Even with a not-so-robust backup and recovery solution in-place, some organizations find it may be faster and more cost-effective to simply pay up—restoring business operations as quickly as possible.

With so much weighing in the balance, it’s important to consider the reasons you might pay, and how you can swiftly execute that payment.

That said, you should keep in mind that cybercriminals don’t exactly have a sterling customer service record. Whether the result of incompetence or malice, organizations have sometimes decrypted their files to find their data corrupted—or made the payment only to receive a second, higher ransom demand.

These ransomware payment statistics certainly don’t inspire confidence:

• A recent CyberEdge Group survey found that just a little over half of the organizations that paid ransoms actually recovered their data
• A SentinelOne report found that only 26% of organizations that paid up were able to unlock their files
• The same SentinelOne report also found that, of those organizations that executed ransomware payments, 73% were attacked again

How to thumb your nose at ransomware payment demands

In a recent survey of IT decision makers, we found that while ransomware is a real concern, nearly 70% still view the threat as a data security – not recovery – issue. However, having a formal disaster recovery plan in place can fortify your business systems and applications against downtime and data loss from malicious threats. With proper disaster recovery planning and testing, you can restore your servers, applications, and data without paying out a single bitcoin.

What’s more, if we as a global community are more diligent about backing up our data and testing our recovery, ransomware will cease to be profitable—stripping extortionists of their motivation.

So, how do you get there?

We recommend the following:

• Thoroughly map your servers, applications, and data, establishing RPOs and RTOs for each
• Based on the above insight, establish a backup strategy that cost-effectively meets your SLAs
• Ensure your backup strategy has redundancies in place—ideally with regularly updated copies onsite, offsite, and offline
• Ensure your backup servers don’t live on shared drives
• Protect backup servers with anti-malware/anti-virus—and backup your backup
• Segment your network to limit the damage if your environment is infected
• Shutdown Remote Desktop Protocol on the internet
• Use a VPN before you log into remote machines
• Limit backup server access to necessary IT personnel only
• Don’t surf the web from your backup server except to access updates and patches
• Perform regular disaster recovery testing to ensure your data will be there when you need it

With a robust ransomware solution in place and strict adherence to these best practices, you’ll put yourself in the driver’s seat—and render ransomware nothing more than a speedbump.