The “right” answer is no, you shouldn’t pay the ransom. This is similar to the stance the government takes when dealing with hostages. In principle, not paying ransom diffuses the whole process – the bad guys don’t get funded and the effort is for nothing.
Does it ever make sense to pay the ransom?
Consider this – I just read an article by Armor, Ransomware as a Service fuels explosive growth that said the average ransomware demand is about $679. Depending on the size of the company, downtime, and number of employees affected, recovering from a ransomware attack could easily take a day. We need to ask ourselves, does the cost in time, effort, loss of productivity, and possible loss of work for a day exceed the ransom demand? At a low, low price of $679, it may be a no-brainer.
While it is great to take a stand and not let the hackers get away with this, it is ultimately a business decision – one that may make sense.
What if they don’t give you the unlock key?
Depending upon the ransom demand, the decision to give it a try may be relatively simple, but you must decide whether the roll of the dice is worth it.
I’m willing to bet they will give up the key. Why? Because if hackers get a reputation for not producing the key, guess what – nobody is going to pay the ransom demand and the hackers aren’t going to make any money. They want to keep this party going for as long as possible!
In short, you need to make a business decision. If the dollar figure is small enough, pay the demand, chalk it up to payment for lesson learned, and tighten up the security in your organization. The amount of money required to restore operations and the cost of downtime may easily usurp the dollar figure for the ransom.
Not sure if you have all of the correct security implementations in place? Do you know how Bit Coin works? Do you have a game plan for when it happens? The organization I work for, Peters & Associates, can help you assess your gaps and guide you through establishing a long-term strategy. Contact us to speak with one of our security solution experts at firstname.lastname@example.org or 630.832.0075.