The choice of whether or not to pay ransomware is certainly a tough one. For healthcare organizations, it could even be a life-or-death decision as many sick patients rely on medical equipment that can be encrypted and locked if hit by a ransomware attack. On the other hand, law officials and the FBI agree that paying the ransom only further encourages cybercriminals to launch more attacks, demanding more and more in return each time. In fact, the number of new forms of ransomware in the first half of 2016 has already exceeded the total number in 2015 by 172 percent, according to a recent SC Magazine article.
Christopher Budd, global threat communications manager at Trend Micro, explained, “There is no situation where it is acceptable to pay the ransom. If you do, there’s no guarantee you’ll get your data back. There’s no guarantee that you won’t face additional demands or attacks. Finally, paying the ransom harms not only yourself but everyone because it makes crime pay and gives attackers incentives to carry out additional attacks in the future.”
As more cybercriminals enter the ransomware game, and as veterans continue to find their time well spent, organizations must understand that if files are regularly backed up and cybersecurity investments are increased on the front-end, the “pay or lose your files” decision will never have to be made in the first place. If a company does find itself facing that decision, having a ransomware crisis plan in place can help the organization make timely and responsible decisions.