Cybersecurity

If you have something of value, others will want it. It’s a simple rule that holds true for jewelry, sports memorabilia, and sentimental items. And when it comes to your company’s data, the same saying applies: hackers might not have any interest in the content of your files, but those files are valuable, which means they’re a target for ransomware. 

Ransomware is exactly what it sounds like—malware that infects your computer and holds it hostage until you pay a ransom. Many hackers view ransomware as part of a business strategy, one in which they’re the provider and you’re the client. But what they’re providing is your own stolen data. Messed up, right?    

Yet ransomware attacks continue to rise, and many users are forced to decide whether to pay the ransom or risk losing their data. Phrased like that, the choice seems obvious: pay the ransom and retrieve your data. However, ransomware attacks are rarely so simple, and paying a single ransom might cost you more time, money, and stress down the line.

Here are 6 reasons why paying a ransom isn’t the best decision:

1. There’s No Guarantee the Hacker Will Return Your Files 

If someone steals your lunch and says they’ll give it back for five dollars, are you really going to trust them to return it? They’ve already shown a lack of morals by stealing; lying isn’t that far removed. Similarly, of the 40% of companies that pay a ransom, fewer than half have their data returned. The other 51% lose data and additional funds, and they must suffer the knowledge that they’ve been tricked—talk about adding insult to injury.

2. Even if You Get the Info Back, the Hacker Still Retains Copies

Let’s pretend you pay the hacker and have your files returned. Great! Except… returning your copies doesn’t stop the hacker from retaining his own copies. And destroying files isn’t the only way a hacker can compromise your company; he can also threaten to distribute your files, thus leaking confidential information. In other words, as long as the hacker retains his copies, he has the resources to blackmail you whenever he desires.  

3. You’ll Be Known as a Company That’s Willing to Pay

If two companies are attacked and one pays while the other doesn’t, the former is going to look a lot more exploitable. Hackers will see that first payment as an opening to attack you again—and since you paid the first time, they know you’ll probably pay again. Thus, one payment can lead to an unremitting cycle of additional attacks and payments. 

4. Your Insurance Might Go Up 

Oftentimes, a cyberinsurance company will pay the ransom for you. If the cost is minor, it’s unlikely that your rates will rise. However, if the cost is too steep, or if the insurance company believes your negligence was a contributing factor to the attack, you could be on the hook for a higher premium. Your insurer might also require you to implement additional security measures; although we recommend these added safeguards, they can be expensive, especially alongside the higher premium.

5. You Might Be Able to Save the Information Yourself

Some ransomware attacks are easy enough to resolve on your own. Before paying a ransom, it’s important to determine whether your information is actually gone. If you have backups, you’ve probably retained copies of your files, which would make paying the ransom redundant. And if you’re able to decrypt the files yourself, why pay the hacker to do it for you?  

6. You’ll Be Financing Future Attacks

Every dollar that a hacker extorts can be used toward future attacks. Additionally, one successful breach encourages additional breaches. In other words, successful attacks breed more successful attacks, and if you pay a ransom, you’re helping fund those attacks. For this reason, not paying is a smart idea not just for your own company, but for all companies. In fact, the FBI discourages companies from paying ransoms and instead asks that they report these attacks to the FBI itself.

Ransomware attacks are malicious, and the fallout from paying is almost as bad as the fallout from not paying. Thus, instead of deciding whether or not to pay, the best option is to avoid being attacked in the first place. By fortifying your data and encouraging a culture of cybersecurity, your valuable files will stay where they belong: securely tucked away in your computer, where they’re safe from hackers, ransomware, and other attacks.