Should Ransomware Victims Pay Up? Experts At Black Hat Speak Out
From the availability of backups and sensitivity of exfiltrated data to the health and safety consequences of nonpayment, here’s what companies must think about before forking over a ransom.
Only If The Business Has No Recovery Plan
Ransomware payment decisions often come down to how well an organization has prepared for such a scenario, as well as how confident the victim is that it would get the key needed to restore operations upon payment, said Marcus Fowler, Darktrace’s director of strategic threat. Most importantly, Fowler said, the decision comes down to the soundness of the victim’s damage control and recovery plans.
Well-prepared boards have thought about how they can recover and restore operations without paying in the event of a ransomware attack, Fowler said. The company’s leadership also needs to assess how long it’ll take to get back online in both a payment and nonpayment scenario, as well as how significant an impact the restoration delay associated with nonpayment would be for the business, Fowler said.
Ransomware groups with a track record of restoring victims that pay should be approached differently than groups that have never produced a decryptor key that actually works, according to Fowler. “I can guarantee you none of them [the ransomware victims] wanted to pay and none of them wanted to be in that position,” Fowler said.