The possibility that the criminals will not hold up their side of the bargain must be factored into any decision.
And where do you go beyond that? Any sensible organisation must realise the need for urgent investment in determining not only the vector of that attack but all other vulnerabilities, as well as rolling out a complete cybersecurity solution that can block and roll back ransomware attacks in future. While these are all costs that need to be borne regardless of whether you pay or do not pay, the temptation to take the quick, easy way out rather than working through the entire problem risks leaving holes that may be exploited in the future.
Balance the need for speed of recovery against several risks:
• Unknown back doors the attackers leave on systems
• Partial data recovery (note some systems will not be recovered at all)
• Zero recovery after payment (it is rare, but in some cases the decryption key provided is 100% useless, or worse, one is never sent)
Finally, note that some organisations that get hit successively by the same actors might have actually only been hit once, but encryption payloads may have been triggered in subsequent waves. Experience pays off tremendously in all of these scenarios and ‘knowing thy enemy’ can make all the difference.
Regardless of whether you or your organisation have decided to pay the ransom, it is important to report ransomware incidents to law enforcement. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable and prevent future attacks.
Issue 24 | www.intelligentciso.com