We may still feel inclined to make an unethical choice when other, seemingly more pressing concerns weigh on us. There is real, tangible pressure to make a choice that could save your organisation or your city millions of dirhams, or spare a critical service weeks of downtime.
However, the possibility that the criminals will not hold up their side of the bargain must be factored into any decision about paying a ransomware demand. In some cases a working decryption key does not even exist, and in others the ransomware operators simply did not respond once they had been paid.
A further point to consider when weighing up whether to acquiesce to the demand for payment is how doing so will affect your organisation beyond the present attack itself, for instance by marking you as a willing payer for future extortion attempts.
What happens if I don’t pay a ransom for ransomware attacks?
If you choose not to pay the ransom, then of course you are in the very same position the attacker first put you in by encrypting all your files to ‘twist your arm’ into paying. Depending on which strain of ransomware you have, there is some possibility that a decryptor already exists for it; less likely, but not unheard of, is that an expert analysis team will discover a way to decrypt your files.
A lot of ransomware is poorly written and poorly implemented, and all may not be as lost as it first seems. Also consider whether you have inventoried every possible backup and recovery option: offline and off-site copies, cloud snapshots, and copies of data held by partners or sitting in mailboxes.
Finally, there is the worst-case scenario, where you have no backups and no recovery software and have to dig yourself out by rebuilding data, services and perhaps your reputation from the ground up. Transparency is undoubtedly your best bet in that kind of scenario. Admit to past mistakes, commit to learning those lessons and stand tall on your ethical decision not to reward criminal behaviour.
What happens if I pay a ransom for ransomware attacks?
There is perhaps more uncertainty in paying than in not paying. At least when you choose not to pay a ransomware demand, what happens next is in your hands. In handing over whatever sum the attacker demands, you remain in their clutches until or unless they provide a working decryption key.
Before going down the road of paying, look for experienced advisers and consultants to help negotiate with the extortionists. Tactics such as asking for ‘proof of life’ (having the attackers decrypt a portion of the environment up front, before any payment), or negotiating payment terms such as 50% up front and 50% only once the whole environment has been decrypted, can work with some groups, albeit not with others. Check any proof-of-life samples yourself, against known-good copies where you still have them, before treating them as evidence that the decryptor works.
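As an added illustration of the ‘proof of life’ check described above (example code written for this page, not from the original article or any vendor), the following Python validates a handful of files the extortionists claim to have decrypted. Where you hold a known-good copy of a file (an offline backup, an archived attachment), the returned file must match its SHA-256; otherwise the script falls back to checking the file header, and for header-less types such as CSV to a byte-entropy check, since still-encrypted data sits close to 8 bits per byte. The file names, the magic-byte table, the entropy threshold and the sample contents are all constructed assumptions for the demonstration.

```python
"""Validate attacker-supplied 'proof of life' decryption samples (added example)."""
import hashlib
import math
import os
from collections import Counter
from typing import Dict, Optional, Tuple

# Leading bytes of a few common file types (assumed, illustrative subset).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",   # Office Open XML is a zip container
}

# Ciphertext sits close to 8 bits/byte; plain text, CSV and similar
# uncompressed formats sit well below this (assumed threshold).
ENTROPY_CEILING = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def check_sample(name: str, data: bytes,
                 known_sha256: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether one returned file looks genuinely decrypted.

    A hash from a known-good copy is the strongest evidence; otherwise fall
    back to the file header, and for header-less types to the entropy check.
    """
    if known_sha256 is not None:
        if hashlib.sha256(data).hexdigest() == known_sha256:
            return True, "matches known-good hash"
        return False, "does not match known-good hash"

    ext = os.path.splitext(name)[1].lower()
    magic = MAGIC.get(ext)
    if magic is not None:
        if data.startswith(magic):
            return True, f"valid {ext} header"
        return False, f"missing {ext} header"

    ent = shannon_entropy(data)
    if ent > ENTROPY_CEILING:
        return False, f"entropy {ent:.2f} bits/byte, looks still encrypted"
    return True, f"entropy {ent:.2f} bits/byte, consistent with plaintext"


def verify_proof_of_life(samples: Dict[str, bytes],
                         known_hashes: Optional[Dict[str, str]] = None) -> Dict[str, Tuple[bool, str]]:
    """Run check_sample over every returned file; maps name -> (ok, reason)."""
    known_hashes = known_hashes or {}
    return {name: check_sample(name, data, known_hashes.get(name))
            for name, data in samples.items()}


def _pseudo_ciphertext(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for a still-encrypted file."""
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


# Constructed stand-ins for the files the extortionists handed back.
BACKUP_NOTES = b"Quarterly review notes. Action items carried over.\n" * 20
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "notes.txt": BACKUP_NOTES,                 # we hold an offline copy of this one
    "contract.docx": b"PK\x03\x04" + bytes(60),
    "ledger.csv": _pseudo_ciphertext(4096),    # the 'decryptor' left this untouched
}
KNOWN_HASHES = {"notes.txt": hashlib.sha256(BACKUP_NOTES).hexdigest()}

if __name__ == "__main__":
    for fname, (ok, reason) in verify_proof_of_life(SAMPLES, KNOWN_HASHES).items():
        print(f"{'OK  ' if ok else 'FAIL'} {fname}: {reason}")
```

A sample that fails any of these checks is not proof of anything, and a sample that passes only the header check is weak evidence: a header can be intact while the body is garbage, so insist on files you can compare against known-good copies wherever possible.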
Most ransoms are still paid in Bitcoin, which is not an anonymous or untraceable currency: every transaction is recorded on a public ledger. If you do feel forced to pay, work with the authorities and share the wallet addresses and payment details. Law enforcement agencies are keen to track where the money moves.
www.intelligentciso.com | Issue 24 | 75