A message has popped up on your computer screen – a ransomware attacker is telling you that they’ve encrypted your data and you can only get it back if you pay them money.
It’s easy to think – if I pay up it’ll be a lot simpler and I’ll get my data back straight away.
If the attackers are asking you for a few hundred pounds, or even in the case of larger companies maybe a few thousand pounds, then you might make the calculation that it’s just a small cost to doing business in order to recover what’s more important – your critical data.
Should you pay up? The answer from cyber security experts and the police is no. Here's why:
By the time you get notified that you’ve been hit by ransomware, as we explained in the second article of this three part series, you can’t be sure that the virus hasn’t already been on your network for a while. The malware doesn’t tell you it’s there until the attackers feel they’ve spread it far enough in order to announce their presence. So, even if you pay up, you can’t be sure the malware isn’t still there infecting your backups by stealth.
If you pay you probably won’t get all your data back. One in five of those hit do not receive the promised decryption key. For those who do pay and do get the decryption key, the attackers might only give you 80% of your data back or, none at all. Remember you’re dealing with criminals - can you really trust them?
By paying up you mark your organisation out as a known payer to the attackers. When you pay the ransom, if the attackers do give you the decryption key, that key could contain a beacon that leaves what’s called breadcrumbs. This identifies you as a known payer and someone who’s likely to pay up a second time. Six months later they send out another piece of malware that looks for that beacon. It identifies you as a known ransomware payer and targets you all over again.
In summary you shouldn’t pay because:
- The attack might not be for real – the hackers might just be testing you and your data might be safe and sound.
- If it is real you might pay the ransom but not get all your data back.
- How do you know they have left your system even if you’ve paid and got your data back – remember the attack loop.
- When you pay a ransom you identify yourself as a “known payer” to the attackers so they can target you again – your willingness to give in might lead to further attacks.
- You are letting the ransomware attacker win and encouraging them to continue their attacks.
What should you do?
What you should do is have a secure protected and clean backup that can stop the ransomware from spreading even if it does get through your front door. If they can’t get to your data, they can’t steal it.
If you are attacked, work with your backup provider to resolve the incident and get their help to recover your data.
Ransomware is in essence organised crime so the police should be contacted. If the ransomware attack puts lives at risk then obviously it is vital that contact with the authorities is made as quickly as possible.
Ultimately you need to ensure that you’re doing everything you can to protect your backup. Have it off-site or in the cloud with a trusted provider, and train your staff not to open malicious emails or click on suspicious attachments.
iomart has been protecting data for customers for twenty years. Our Backup as a Service solution has been developed to protect your data effectively and efficiently and to scale according to your requirements.
A business is attacked by ransomware every 40 seconds - every day, all year round - so take a look at the BaaS solutions we offer and talk to us today about how we can help protect your organisation against this continually evolving threat.