Pay, Resist or Punt? How Will Your Organization Handle a Ransomware Attack?

Published: July 27, 2016 by Michael Bruemmer

Ransomware has been prominent over the last year. If it becomes as ubiquitous as identity theft and data breaches, and signs point in that direction, how will your organization deal with it when an attacker uses malicious code to lock you out of your own computer systems?

Will you alert the authorities and turn to a ransomware IT expert to unlock the encrypted data? Will you accept the risk of a costly and prolonged disruption in business? Or will you do what one hospital recently did and pay the criminals to release its systems? Hollywood Presbyterian Medical Center in Los Angeles shelled out $17,000 earlier this year to unlock its systems after a ransomware attack, the L.A. Times reported.

Escalating risks of ransomware attacks

Ransomware is malicious code that an attacker places on a digital device or computer network. The code locks the owner out of their own data, and sometimes out of the entire system. The perpetrators demand money — a ransom — in exchange for the key that unlocks the malicious encryption.

In 2015, the FBI logged more than 2,400 reports of ransomware attacks resulting in losses in excess of $24 million, according to the bureau. Kaspersky’s numbers are even more appalling; ransomware attacks increased five-fold between April 2015 and March 2016, the security software giant says.

Criminals are aiming ransomware attacks everywhere: at individuals through their smartphones, and at organizations through their computer networks. Kaspersky says ransomware attacks through phones soared nearly 300 percent in the past year. And earlier this year, the FBI issued warnings about a new type of ransomware that specifically targets businesses, Reuters reported.

For organizations, the costs of a ransomware attack far exceed the ransom itself. Companies must also consider lost productivity, IT service costs, legal fees, reputational damage and more.

Before you respond to ransomware attacks

Already this year, cases like the Hollywood Presbyterian Medical Center attack have made headlines — largely because the victims are paying the ransoms. Faced with the possibility of lengthy and costly business disruptions, many organizations may decide it’s less expensive to pay a ransom and regain control of their systems.

Before making a decision about how to respond to a ransomware attack, businesses should keep these critical points in mind:

  • Although it makes sense to distrust criminals, security experts say that in the case of ransomware attacks there seems to be “honor among thieves.” Paying the ransom usually does result in data and systems being recovered. The crooks are focused on making money quickly and easily, and they know that if they were to extort funds and then fail to deliver on their promises, word would get around and people would stop paying.
  • You need to decide, before ever becoming a victim of ransomware, whether you’ll pay or not. The decision is not purely a question of security; business risk must come into consideration. Perhaps your organization has certain systems that are so critical that you decide you would pay the ransom if they were attacked. You may decide not to pay for less important systems or devices. If you decide you won’t pay a ransom, it’s essential to plan how you’ll manage operational disruption and recover data. For example, you’ll need an excellent backup system so that if ransomware locks your current data, you can easily gain access to an up-to-date backup.
  • Decide whether you’ll treat a ransomware attack as a data breach and notify customers whose data might be affected. Ransomware doesn’t actually steal or export any information from systems. Consult with outside legal and breach resolution experts to understand what circumstances might trigger a need for legal notification.
  • Be sure your cyber insurance policy covers ransomware attacks. Will your insurer pay the ransom? Will the policy cover the costs of business disruption?
  • Take preventive steps to make your system more resistant to ransomware attacks. Keep regular backups of critical data and systems. Know where critical information and systems reside within your network.
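The two backup points above (an up-to-date backup you can actually get at, and knowing which critical files you hold) are only as good as the last restore test. The following is an added example, not code from the original post: it records a SHA-256 manifest of a set of critical files at backup time and later checks a restored copy against it, reporting files that are missing, altered or unexpected. All file names and contents in the demo are constructed for illustration; the manifest path and the directory layout are assumptions, and in practice the manifest should be stored somewhere the backed-up host cannot overwrite.

```python
"""Backup restore check: write a hash manifest of critical files, then verify a
restored copy against it. Added example; not from the original post."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (as a POSIX-style relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    Returns the files that are missing from the restore, whose content differs
    (e.g. encrypted in place), or that were not part of the original backup,
    plus an overall ok flag that is True only when nothing is missing or altered.
    """
    restored = build_manifest(restored_root)
    missing = sorted(f for f in manifest if f not in restored)
    altered = sorted(f for f in manifest if f in restored and restored[f] != manifest[f])
    unexpected = sorted(f for f in restored if f not in manifest)
    return {
        "missing": missing,
        "altered": altered,
        "unexpected": unexpected,
        "ok": not (missing or altered),
    }


def demo() -> dict:
    """Constructed scenario: three critical files are backed up; the restore is
    missing one, has one whose content was replaced, and carries one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "critical"
        (src / "records").mkdir(parents=True)
        (src / "records" / "patients.db").write_bytes(b"patient records (constructed)")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        (src / "notes.txt").write_text("ordinary notes\n")

        # Manifest written at backup time; assumed location for the example only.
        manifest_path = base / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(src), indent=2))

        restored = base / "restored"
        (restored / "records").mkdir(parents=True)
        (restored / "config.ini").write_text("[app]\nmode=prod\n")   # intact
        (restored / "notes.txt").write_text("garbage ciphertext")     # content replaced
        (restored / "leftover.tmp").write_text("not in manifest")     # unexpected extra
        # records/patients.db is deliberately absent from the restore

        return verify_restore(json.loads(manifest_path.read_text()), restored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as a script and the report shows `records/patients.db` missing, `notes.txt` altered, `leftover.tmp` unexpected, and `ok` false; a restore that reproduces every manifest entry byte for byte reports `ok` true. Scheduling this check against a scratch restore of each backup set is what turns "we keep backups" into "we know we can recover."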

Unfortunately, ransomware works for the criminals. They’re making money at it and are thus unlikely to give it up any time soon. It’s vital for companies to be aware of ransomware risks, make the important decisions before falling victim, and take steps to minimize the damage from a potential attack.

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.