To Pay or Not to Pay? – A Guide to Ransomware

Wednesday May 10 2017

If your business has been targeted by cyber criminals, it can leave you in a tricky position: do you respond to their requests or risk losing all your vital data? With so much of a business’s operations now being digital, even a simple cyberattack can leave a firm unable to conduct its daily operations, causing damage to both its bottom line and reputation. Unfortunately, ransomware is a growing problem in the business world and one that firms need to be prepared to deal with.

What is ransomware?

Ransomware is a type of malicious software that affects your IT systems. The software blocks access to the system, demanding that a sum of money is paid in order to restore access. The payment amount can be in the tens of thousands and there’s no guarantee that access will be restored even if payment is made. Victims of ransomware will often be given a time limit to pay up, with all their data being erased after this point.

Ransomware can infect IT infrastructure in the same way as any other malware, such as through email attachments, compromised websites, or infected USB drives.

What’s the scale of the problem?

The problem of ransomware is huge and one that’s growing. According to statistics, over half of UK businesses have been targeted by a ransomware attack within the last year, placing significant pressure on their security budgets, processes, and operations. Around a third of companies that face a ransomware attack lose revenue as a direct result, highlighting the risks.

The amount of ransom demanded by the hackers varies hugely, but for a fifth the figure was more than $10,000 and for 3% the cash demanded exceeded $50,000. Such sums will certainly give businesses pause for thought when they’re deciding whether to make payment. Perhaps unsurprisingly, given the often valuable nature of business data, a survey indicates that almost two thirds of British businesses that have experienced a ransomware attack have chosen to pay up.

What should you do when you’re hit with ransomware?

If you’re hit by a ransomware attack you simply have two options – to pay or not to pay.

Choosing to pay – It’s easy to see why many businesses choose to pay the money with their revenue and operations on the line. However, it’s worth noting that authorities urge businesses not to cave in, noting it will encourage further attacks, and emphasise that there’s no guarantee that access will be restored following payment.

Not paying – Unfortunately there’s often little you can do once ransomware has affected your IT systems when it comes to getting your information back. Choosing not to pay means relying on backed-up data and in this case preventive measures are vital. 
