To Pay or Not to Pay: How to Handle Ransomware Negotiation

It may seem like a nightmare scenario, but the rise in ransomware attacks has led some business leaders to ask themselves what they’d do if faced with one. Who should you call first? Should you engage with cyber attackers? If not, who should?

These are tough questions to answer, because every case is unique, and the stakes are higher for some. For example, healthcare data breaches are particularly sensitive due to HIPAA laws and the consequences of violating them. So, if your business faces cyber extortion, how do you deal with it?

Should You Pay Ransomware to Recover Your Files?

Ransomware is a type of cyber attack that aims to blackmail victims into paying large sums of money to recover stolen data. Often, attackers will threaten to leak data to the public, your customers, or your competitors if you refuse to pay them.

On the other hand, attackers will promise complete restoration with no damage inflicted if you choose to comply with their demands. This raises the question: is it easier to just pay the ransom than to refuse?

As in most negotiations, the answer to this question is: it depends. Before you pay a ransom to recover your data, assets, or network, consider factors such as:

  • Could your business realistically recover if data was leaked?
  • How sensitive or legally protected is the stolen data?
  • Could a cybersecurity expert or ransomware negotiation coach remediate the situation to do damage control?
  • How long could your business go without access to data or assets being held hostage?
  • What went wrong to cause this attack? How at fault is your business? Will this affect insurance claims?

You might feel overwhelmed by trying to answer these tough questions. The good news is, cybersecurity providers and cyber insurance companies can offer guidance to help you decide the best course of action.

What Are the Consequences of Paying Ransomware?

If you ultimately decide to pay off hackers, what then? This will depend on the cybercrime group or individual attacker, and there have been mixed outcomes for those who paid ransoms.

According to a study by Sophos, 56% of businesses that fell victim to these attacks chose to pay the ransom. Almost all victims surveyed (92%) were unable to get all of their data back.

Remember that there may be additional legal consequences in some cases for paying ransomware. The United States Department of the Treasury released an advisory warning that ransomware payments to certain foreign entities could violate sanctions against collaborating with cybercrime groups or foreign state-funded cybercriminals. Consequences would apply even if victims unknowingly paid a restricted foreign entity.

In many cases, when victims choose to pay attackers, they are actively funding crime networks for drug and human trafficking, terrorism, and other threats to national security and the economy. This is why certain federal sanctions are in place, with the intent of dismantling the monetization of ransomware schemes.

Why Do Big Companies Pay Ransomware Attackers?

The average ransom demand was over $4.3 million, and businesses with higher annual revenues were more likely to pay them.

According to the study, this trend is likely due to the greater availability of these funds for larger businesses, which means small businesses are in a much more compromising position.

What Should I Do If I Get Attacked by Ransomware?

Having to choose between paying millions to ransomware attackers or facing the ramifications of data leaks or downed networks can make business owners feel backed up against a wall.

However, almost half of surveyed victims in the Sophos study who paid ended up paying less than the initially demanded amount. This shows that negotiation can make a big difference if you lean towards payment.

For this reason, if you become aware that your business has fallen victim to ransomware, your best options are to:

  1. Leverage your cyber insurance company
  2. Utilize resources such as ransomware negotiation services provided by your insurer
  3. Have a third-party provider investigate the breach to assess the damage
  4. Consult with a cybersecurity provider to find your network security gaps

Does Cyber Insurance Cover Ransom Payments?

If you have a cyber insurance policy or you’re looking to apply for one, it’s important to read the fine print on the coverage you’d qualify for. Ransomware insurance policies can differ, so you should know what your policy covers, any stipulations, and what you may still be on the hook for.

In some cases, cyber insurance companies can assist in ransomware payments as a last resort. However, they will typically provide you with resources for ransomware negotiation services, ransomware remediation, and data recovery first.

It’s important to remember that even if you have a cyber insurance policy in place, there is no guarantee a claim will be approved. The best way to maximize your chances of approval in case of a successful breach is to ensure you have proper protections in place such as:

To read more about what cyber insurance covers and how claims could be denied, read our blog: What Does Cyber Insurance Not Cover?

How To Back Up Data to Protect Against Ransomware

Solid data backups can simplify your ransomware response plan if your sensitive data is compromised. Hackers rely on the fact that victims have no way to bounce back from ransomware infections. Data backups can prevent the destruction of your data, even if it's stolen by threat actors.

To read more about the importance of data backups and different types of backups, read our blog: Should I Have a Physical Backup and Disaster Recovery Device or Move to the Cloud? 

Find an MSP Equipped to Prepare You for Attacks

Ransomware preparedness starts with having adequate protection in place to mitigate the risk of a successful breach. This way, you're less likely to need ransomware mitigation services in the first place.

A managed service provider (MSP) will be your best resource for preparing your business for the latest types of ransomware threats. If you're ready to jump into optimizing and securing your IT environment, click the button below to speak to a cybersecurity expert about your business.

About Jada Sterling, Digital Content Manager

Jada Sterling is Usherwood's Content Manager. She is responsible for developing content that furthers the mission of Usherwood Office Technology by helping clients and prospective clients better understand how technology can help grow their business.