Don’t Pay the Ransom. Period.

With ransomware gaining more and more attention in the news, companies have been dealing with it in whatever ways they can. In an increasing number of cases, they have been paying ransoms, despite FBI advice not to. They see this as the cheapest route to getting their systems back online, and they aren’t alone in thinking so – some industry analysts have said ransom should be considered “as a valid recovery path that should be explored in parallel with other recovery efforts.” If you can drive the desired outcome (recovery) for a cost (the ransom amount) that’s lower than the alternative (remediation activities), why wouldn’t you? For those who don’t know me, I’m being facetious.

In this post, I refute these arguments. I explain why such assertions are wrong, short-sighted, and ultimately fuel the efforts of hackers who put out ransomware. Furthermore, I highlight the tangible impact to your business resulting from the consequences of paying a ransom.

Isn’t the ransom cheaper than a cybersecurity solution?

Shameless plug: IntelliGO MDR typically costs less than a single security analyst… That said, let’s look at the reasons people (erroneously) think they should pay, or that paying is the cheapest option:

  • Astronomical Cost of Downtime

Yes, downtime is expensive – perhaps even leading to catastrophic consequences for your business, if you can’t afford it… but isn’t that why you have a disaster recovery strategy in place? Imagine that it wasn’t a ransomware attack, but a flood, fire, or power outage that led to such downtime. The point is that many causes of downtime don’t have the ‘too good to be true’ fix of paying a ransom, and your business needs to mitigate this risk regardless.

  • Risk of Losing Existing Partners, Customers, or Employees

With your company’s data inaccessible, you would (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Effi Lipsman. Read the original post at: