Show Me the Money: Should You Pay When Hit with Ransomware?
We recently hosted a webinar explaining the intricacies and requirements for Cyber Insurance – a growing need for businesses around the world.
During the event, a great question was asked…
How often do you see a victim of ransomware that has a solid off-site backup say, “no way – we are not paying the ransom!” and turn to their backups instead?
Now, typically if you don’t have a disaster recovery plan in place, and hackers are holding your business hostage – you don’t really have any option but to pay up. But this viewer’s question brought up a great point… if you’ve had a backup plan in place, should you pay up when hit with ransomware?
We took this question straight to our friend Brian Dykstra, CEO of Atlantic Data Forensics. Brian handles hundreds of forensic investigations and data breaches each year for clients around the world. Brian laid out the questions you need to ask yourself before you pay up:
1. Do you have verified, good backups of the data encrypted by the ransomware?
Unfortunately, sometimes clients find their backups weren’t as recent, or complete as they thought they were.
2. What is the dollar value of the encrypted data that you don’t have backups for?
This helps set the expectation for negotiating with a bad actor. You wouldn’t pay $2 million for data that is only worth $200,000 to the business.
3. How long will it take to restore systems to operational, and what is the cost of that restoration?
In some cases, the ransomware demand is quite small (less than $100 thousand) and can be negotiated even smaller.
4. Are you concerned about the information being released on the dark web?
Often, the main threat is the leaking of sensitive information, in this case the attacker will offer their “promise” to keep your information off the dark web. We have seen clients willing to pay some amount to stay off of a leak site – but note, if they stole your data in the first place are they really that trustworthy?