Three Reasons Why You Should Never Pay Ransomware Attackers


After falling prey to a ransomware attack, most organizations are faced with the decision of whether they’re going to pay the ransom demand. We’ll save you some time: it’s not worth it, and here are three of the many reasons why it does not pay to pay.

First off, paying the ransom doesn’t mean that your organization will regain access to its encrypted data. Too often, that is because the decryption utilities provided by those responsible for the attack simply don’t work properly.

Corrupted Data

Such was the case with the ProLock ransomware strain back in May 2020. As reported by Bleeping Computer at the time, the FBI found that ProLock’s decryptor might corrupt files larger than 64MB. Investigators went on to warn that victims could experience integrity loss of as much as 1 byte per KB for files over 100MB.

It’s instances like ProLock that help to explain why some ransomware victims suffer data loss and corruption even if they paid the attackers and the attackers provided the decryption key.

In our recently published ransomware report, titled Ransomware: The True Cost to Business, nearly half of respondents (46%) who fulfilled their attackers’ demands regained access to their data following payment only to find that some, if not all, of their data was corrupted. Just 51% said that they successfully recovered all their data after paying, with three percent admitting that they didn’t get any of their data back after payment.

Potential Civil Penalties for Paying

Organizations could incur penalties from the U.S. government for paying ransomware actors who may reside in or operate out of countries that are subject to U.S. sanctions. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) made this point clear in an advisory published in October 2020.

The advisory explains that OFAC has included malicious cyber actors, including ransomware attackers, in its cyber-related sanctions program. The initiative empowers OFAC to impose penalties on U.S. persons who provide material assistance and/or other methods of support to any designated individuals.

Those powers apply even if someone didn’t know that they were dealing with a sanctioned individual…