Lately, some in the business world have begun comparing ransomware attacks to another crime with a similar profile: kidnapping.
In certain parts of the world it’s actually not that uncommon for high-profile executives and personalities to be snatched off of the street or out of their homes. That’s because there are entire organized crime networks devoted to abducting people and charging ransoms to get them back. Things have gotten so bad in some areas that there are side industries devoted to kidnapping insurance, ransom negotiation, and hostage situation training.
You can see the same thing happening with ransomware. While the focus used to be on prevention, some companies are shifting strategy and treating malware attacks as an expected part of life in the digital age. At the same time, there are entire firms built on the premise that they can help mitigate – but not prevent – the unfortunate reality of a ransomware strike.
On the surface, this can seem hard to believe. After all, the standard ransomware advice is to refuse to pay criminals anything. Unfortunately, that strategy of ignoring the problem and moving on is getting harder and harder to implement in the real world.
Consider the options available to a CEO or CIO who discovers their organization has been brought to a halt by ransomware:
Pay and Be a Victim – pay hackers to get access to your files back and you lose twice. First, you have to spend money from your company budget that might’ve been allocated for something else (and potentially something like payroll that is critical to your operations).
And second, you send a signal to hackers that you are willing to negotiate and pay in these types of situations. What deterrent is there against having them come back and demand more money? What if the ransomware is never removed in the first place, even if you pay?
Don’t Pay and Suffer Losses – alternatively, a business owner or leader could decide they won’t pay cyber criminals. This is completely reasonable and ethical, but today’s ransomware attacks are pretty sophisticated. Even government agencies are having trouble recovering files that have been locked up by hackers. That means you might permanently lose access to your data if you refuse to pay a ransom.
Imagine what would happen if you lost weeks’ worth of financial transactions or had to rebuild your network and computer system from scratch. Would that really cost less than paying a ransomware fee, particularly when you factor in the amount of time that would be needed to get a fresh start?
Doing the Right Thing Has Costs
As you can see, both of these options have significant downsides. And that’s before we even mention the negative publicity and attention that could come with either outcome. Certainly, you don’t want it to get out that you have been the victim of a ransomware attack. You don’t want to be the business owner who paid criminals or the one whose company is having IT problems.
As we always like to remind our readers and clients, the best solution to the ransomware issue is to not have it on your computers in the first place. To learn more about prevention strategies, check out our next post on the topic, or contact our team of specialists today to schedule a free consultation!