Ransomware: To Pay or Not to Pay — What the Experts Say

/in


Your first reaction is you hope this is someone’s idea of a sick joke, but it doesn’t take your security team long to confirm the dreaded truth. Your organization, end-customer or channel partner has been hit with a ransomware attack.

The day you wished would never come is now a stark reality and the potential cost to your business or customer is staggering, reputation notwithstanding.

If you’re an MSSP, MSP or any type of cybersecurity company, you most likely have an incident response plan in place for you and for your customers.

But is that plan a good one? Is it a sound strategy and a viable plan of action to respond to the incident. Has it prepared you to make the correct decision about whether or not to pay the ransom?

Obviously, it’s not a black-and-white question. The answer is dependent on a variety of factors both internal and external.

Should You Pay the Ransom?

MSSP Alert was pondering the very same questions that our readers surely have about paying ransom. So we asked our security expert community about the right approach to take in the case of a ransomware attack.

MSSP Alert examined two scenarios: What to do if your end customer is hit with a ransomware attack; and what actions to take if it’s your MSSP or MSP that faces a demand for ransom.

Ransomware Attacks Spike in 2023

First here’s some background about the scope of the problem. No surprise, but ransomware attacks surged during 2023. In fact, a Corvus Insurance Q3 2023 report found a 95% increase year-over-year on ransomware leak sites, with many attacks increasing against law firms and municipalities. The number of ransomware victims in 2023 surpassed what was observed for 2021 and 2022, Corvus found.

Sophos’ State of Ransomware 2023 report revealed that in three out of four cyberattacks cybercriminals succeeded in encrypting victims’ data. On average, those cyber victims paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organizations that used backups to recover their data, according to Sophos, an MSSP Alert Top 40 MDR company. Moreover, those companies that resorted to paying the ransom usually experienced longer recovery times. Of companies that were able to use…

Source…