Ransomware: Why Not Pay The Ransom Following An Attack?

What Is A Ransomware Attack, What Is It?

Also called ransomware, this cyberattack is a “hostage” of a company’s computer data. Typically, cybercriminals send an email to a victim containing a file or link that allows them to encrypt the data and render it unusable. The goal is to subsequently demand a ransom in exchange for a decryption key supposed to give them access to their data. 

The ransom varies depending on the company and its activity. According to cybersecurity researchers from Palo Alto Networks, the average amount paid was around 541,000 euros in 2021. It can reach several million euros. According to CheckPoint Research, there has been a 59% increase in ransomware since 2021. 

More than half of companies in France have been victims of such an attack. Previously, this threat mainly affected individuals. However, for several years, the trend has changed. Cybercriminals are now attacking professionals. Their targets are mainly organizations with significant financial means or sensitive activities. Much larger ransoms can therefore be demanded.

Reasons To Say No To The Ransom

Don’t panic! Imposed deadline, loss of company stored data, making stolen information public…. So many reasons to give in to panic… Paying the ransom involves risks and in no way guarantees the recovery of the extorted data. This is why the ANSSI (National Agency for Security and Information Systems) recommends not giving in to this blackmail. It is, therefore, essential to assess the risks and consequences of this decision for the company before making a decision. 

You Have No Guarantee

It is important to remember that nothing guarantees data recovery after paying the requested ransom. According to a recent Cybereason study, out of 100% of ransomware-victim companies that paid the demanded ransom:

1. Only 51% of companies have recovered all of their data.
2. 46% of companies have partially recovered their data.
3. 3% of companies have not recovered any stolen data or files
4. 80% of victims suffered a new ransomware attack afterward.

Also, sometimes more than the decryption key is needed to restore your data properly. During the attack, files may have been corrupted and other components damaged. The key gives you access to your data but will only sometimes allow you to recover them in good condition.

The Payment Is Not Secure

Hackers usually ask for payment in virtual currency to leave no trace for the competent authorities. Other means of dangerous regulations are imposed, for example:

1. A bank transfer to an unidentifiable account allows cybercriminals to access bank details.
2. A payment on the dark web can generate a new cyberattack.

You Participate In The Financing Of Criminal Activities

Yielding to the ransom demand is equivalent to developing and ensuring the sustainability of hacker networks. Thanks to the ransoms collected, hackers can use new techniques that are even more efficient and sophisticated and possibly attack their victims again. The Authorities Advise Against It

Relevant authorities strongly advise against paying the ransom to cyber criminals after ransomware. Moreover, the launch of legislation prohibiting the payment of ransoms is planned. Indeed, from a moral point of view, it is customary to prohibit a payment that helps offenders. However, some companies would risk breaking the law to recover their data.

How To Avoid Ransomware?

 With the increase in cyberattacks, companies need to ensure the flawless security of their computer system. Anticipation and prevention are vital points to limit the risks associated with Ransomware attacks. Implementing an effective backup solution adapted to your activity is essential. The same applies to the Disaster Recovery Plan (PRA) and possibly the PCA (business continuity plan), depending on your security needs. A few best practices must supplement these systems:

1. Regularly update the security system in place.
2. Be vigilant about the emails received and the websites consulted. The majority of attacks happen this way.
3. Do not use an “administrator” profile to read emails and browse the web.
4. Reinforce the authentication system with complex passwords to be changed regularly and with double authentication.
5. Update your firewalls and antiviruses to ensure proper functioning.
6. Educate your employees so that they identify ransomware and adopt the right digital gestures.
7. Make regular backups and test them to ensure that they are working correctly.
8. Shut down the computer if you are not using it. This saves money and limits digital pollution.
9. The Procedure To Follow In The Event Of A Malware Attack

In A Rush, Companies Do Not Necessarily Know How To React To An Attack

The steps to follow are as follows:

1. Unplug the set and deactivate the wifi connection.
2. Inform the technical team or your IT service provider as soon as possible so they can intervene immediately.
3. Keep evidence to hand over to authorities.
4. File a complaint with the police or the gendarmerie.
5. Inform the CNIL (Commission Nationale de l’Informatique et des Libertés) in the event of alteration or theft of personal data.
6. Perform a full restore of your device and restore your data via backup.

BA Info To Secure Your Data

 BA Info does more than support you in optimizing your cybersecurity. It advises you to anticipate and protect your computer system from possible attacks. At BA Info, our expert technicians ensure the protection of your data thanks to our high-performance cybersecurity solutions, such as our firewalls or antivirus. We also support you in setting up a Disaster Recovery Plan (DRP) and preventive strategies to secure your systems. It is also essential to educate your teams. Opt for our phishing simulations to teach your teams how to identify and avoid a ransomware attack.

Read Also: Six Common Objections To Cybersecurity Awareness