The dilemma of paying a ransom: Should you make ransomware payments?

Should you respond to ransomware demands?

Most law enforcement agencies advise victims not to pay when faced with a ransomware demand. These agencies argue that giving in to threat actors justifies their extortion tactics, encouraging them to carry out future attacks.

Unfortunately, many individuals and organizations ignore this advice. Instead, they agree to pay the ransom in the hope of resolving the situation quickly and preventing a data breach. However, most perpetrators are unlikely to send the victim a decryption key even after receiving payment.

Keep in mind that some ransomware groups aren’t just after money. Sometimes, these groups also want to damage the reputation of their victims. A company’s reputation may be severely damaged if the personal information of customers or users is compromised through a ransomware attack.

Why do victims pay ransoms?

Ransomware attacks are some of the most common cybercrimes used by malicious groups to extort victims. As such, victims may panic and pay the ransom despite law enforcement agencies advising them not to do so. Some of the reasons why victims pay include:

• Urgency and time pressure. Ransomware attacks might cause significant downtime of websites and services while the problem is dealt with. As such, some victims simply want to pay immediately and get their files back as quickly as possible.
• Critical data access. Ransomware hackers often target extremely sensitive data such as bank details or personal information. Some attacks even target hospitals, putting vital patient data at risk. Victims at risk of losing critical data may feel forced to pay the ransom immediately.
• Risk of data exposure. Ransomware attack organizations extort companies by encrypting and threatening to leak user or customer data. To save the public shame of a data breach, some companies may be tempted to submit to ransom demands.
• Lack of secure backups. Companies or individuals without secure data backups are more vulnerable to ransomware. If the victim hasn’t backed up their data before receiving a ransomware threat, they may feel pressured to pay.
• Cost-benefit analysis. For some organizations, deciding how to respond to a ransom attack is a simple numbers game. If paying the ransom is cheaper than the cost of recovering from the consequences, they may choose to give in.
• Fear of further consequences. Receiving a ransomware threat understandably causes panic, especially if the perpetrators threaten victims with further consequences. So it’s no surprise that some victims choose to pay quickly in the hope of avoiding more damage.
• Emotional attachments. Targets might have emotional attachments to some of their data, including personal information or family photos. Ransomware criminals exploit these emotional attachments to make their victims pay the ransom.
• Lack of preparedness. Any company or individual that doesn’t have adequate ransomware defenses will be an easy mark for ransomware hackers. Thankfully, good preparation helps you to prevent ransomware by limiting its impact from threatening your data.

Is it legal to pay a ransom?

When faced with a ransomware threat, it’s important to know that paying the ransom could have legal consequences. Many countries have specific regulations that govern how victims should respond to ransomware. In some cases, ignoring these laws and paying the ransom may be classed as a criminal offense.

In the United States, it’s technically illegal to pay a ransom. Because ransomware attacks are extremely difficult to trace, victims that pay have no idea where their money ends up. Victims could be sending money to countries or groups sanctioned by the US government. Paying the ransom is classed as a serious crime and may incur fines or even imprisonment.

A similar situation applies in the United Kingdom. Paying ransomware hackers under sanction from the UK authorities or linked to terrorism is a serious criminal offense. Possible penalties include fines and even imprisonment.

Why should victims not respond to ransomware demands by paying a ransom?

Ransomware hackers put their victims under immense pressure to pay ransoms quickly. But giving in to a ransom demand usually leads to further exploitation. Let’s discuss some reasons why you shouldn’t pay a ransom in a ransomware attack:

• No guarantee of data recovery. Ransomware hackers are criminals first and foremost. So even if you pay the ransom, there’s no guarantee that you’ll get your stolen data back. While some criminals may give you a decryption key, it will still be difficult to regain access to your data
• Funding criminal activity. Victims who resort to paying the ransom are directly funding criminal activities. It also confirms to the criminals that ransomware is a viable and lucrative strategy. This emboldens ransomware groups to carry out further attacks.
• Risk of repeat attacks. Paying the ransom may seem like the quickest way to find your way out of a ransomware attack. Unfortunately, organizations that hackers know are willing to pay are often targeted repeatedly. So giving in to a ransom demand actually does more harm than good.
• Legal consequences. In some cases, paying a ransom may have dramatic legal consequences. Some ransomware groups are linked to terrorist organizations. Others are based in countries that have been sanctioned by the US or UK governments. Paying the ransom demanded from these groups is classed as a serious criminal offense.
• Ethical considerations. Ransomware threats also present an ethical dilemma. Victims who pay ransoms are effectively choosing to bankroll criminal organizations. Instead, refusing to pay and taking a strong moral stance is the best way to discourage further attacks.

What might happen if you don’t pay the ransom?

Refusing to pay the ransom in a ransomware attack may have serious consequences. The impact of these consequences varies depending on whether the victim is a company or an individual. Let’s examine what could happen if you refuse to pay.

If their target refuses to pay, ransomware criminals may threaten to destroy the data. However, some hackers may sell the data to other criminal groups. Bank details and personal information are lucrative assets for online criminals.

Companies that don’t agree to pay ransoms run the risk of customer or user data being shared online. This is the worst-case scenario because their customers could fall victim to fraud and cyber extortion.

Losing customer data to a ransomware attack may also damage a company’s public reputation. This can lead to a huge loss of revenue. Businesses may also lose hundreds or thousands of customers.

What are alternatives to paying the ransomware in a ransomware attack?

Ransomware attacks can be difficult to deal with. Thankfully, you can deploy several countermeasures to reduce the risk of ransomware incidents. If you’re already dealing with a ransomware problem, you also have ways of minimizing the damage.

• Regular data backups. Regularly backing up sensitive or important data is a crucial countermeasure against ransomware. If you get hit by a ransomware attack, having secure data backups on hand reduces the threat actor’s power to blackmail you. Also, make sure that your data is properly encrypted and stored securely.
• Invest in cybersecurity. Protect your devices from ransomware by investing in up-to-date cybersecurity measures, especially anti-malware. Always keep your programs updated to ensure that you’re fully protected against ransomware incidents.
• Education and training. It’s also prudent to educate your employees about the latest cybersecurity best practices. In particular, make sure that your team knows how to spot the symptoms of ransomware. NordVPN’s Threat Center is an excellent resource for learning about the most prolific ransomware examples.
• Remove the ransomware. Although it can be time-consuming, it is possible to remove ransomware from infected devices. It may be easiest to hire a cybersecurity professional to do this for you.
• Report ransomware attacks. As soon as a ransomware attack occurs, report the incident to the relevant authorities. Reporting cybercrimes like ransomware incidents allows you to get professional help to deal with the problem.

Do cyber insurance policies cover the costs of ransomware incidents?

With the threat of cybercrime rising rapidly, it’s prudent to invest in professional cyber insurance coverage. Many insurers offer policies that include ransomware protection. The best policies cover the costs of both the ransom and the expenses of recovering from the attack. It’s also a good idea to choose a policy that covers any legal costs incurred from a ransomware attack.

However, some cyber insurance policies may have conditions that can be contravened by paying a ransom. As such, it’s important to check these policies carefully to understand what they will cover and what they won’t.

Who should you consult before making a decision about paying a ransom?

If your company is targeted by criminals conducting ransomware attacks, try not to panic. Instead, consult cybersecurity professionals or government agencies before deciding how to respond.

If you’re based in the US, consider contacting the Cybersecurity & Infrastructure Security Agency. Companies and individuals from the UK can consult the National Cyber Security Centre. These organizations may help you devise an incident response plan to minimize the damage.

You should also ask for legal advice regarding the consequences of paying a ransom. This helps you to understand how exactly your decision will legally affect your company and your customers.