Ransomware Attacks - Never Pay the Ransom (Here's Why)

It's crucial for IT leaders to understand the risks of making ransomware payments. If you're faced with a ransomware attack, this guide will help.

Written by
Subbiah Sundaram
Published on
September 4, 2023

Cybercriminals launch malware attacks that target your business's valuable data and hold it for ransom. If you think it won't happen to you, then think again. With an attack happening on average every 11 seconds, and organizations facing downtime of up to 16 days, it's more a question of “when”, not “if” - and this includes your backup data.

When a business experiences a ransomware attack, complying with the hacker's request for ransom might seem like the best solution. After all, hackers say they'll return access to the encrypted data and files once the company pays the ransom.

There are several risks associated with making ransomware payments.

  • First of all, it can cost you millions.
  • Second, there is no guarantee that the hackers will release your data.
  • At least half of companies that actually pay ransoms are unable to recover all their data.
  • If you pay the ransom, you'll be funding additional future criminal activity.

As an IT leader, you need to make the best decisions for protecting your organization's data.

That's why it's crucial to understand the risks of making ransomware payments before you're faced with a ransomware attack.

The Brutal Reality of Ransomware Attacks  

Ransomware can wreak havoc on an organization's operations and is difficult to detect until you no longer have access to specific files. The ransomware code loads onto a computer when a user opens a link or downloads a file containing the code. Once downloaded, the ransomware encrypts business files and may lock down the entire computer. The hacker then sends messages alerting the user to the ransomware and demanding funds.

Ransomware Attacks Are Increasing  

Ransomware attacks are increasing in frequency around the world, with businesses from every industry finding themselves the victims.

Global ransomware attacks on organizations are at an all-time high, with the victimization rate at 68.5%. This number is up from just over 55% in 2018. These figures indicate the likelihood of your business becoming the victim of a ransomware attack in the near future is growing.

Statistics released in June 2022 found that around 5.4 billion ransomware attacks occurred worldwide in 2021. Although ransomware is only the sixth most common type of malware attack worldwide, these attacks can pose a significant threat to your business activities. The cost of a ransomware attack extends past the price of the ransom and can include lost income due to downtime, a damaged reputation, and vanishing customers.

Companies that are not adequately prepared often suffer the most from a ransomware attack. For example, the CEO of Colonial Pipeline confirmed in early 2021 that the company paid a ransom of $5 million to hackers. The company believed that the hackers infiltrated a network that was not protected by multi-factor authentication, a cybersecurity strategy that requires users to verify their identity through multiple means.

What Are the Risks of Paying a Ransom?  

Should companies make ransomware payments? Giving in is a fairly common response. Of the organizations in the United States that experienced a ransomware attack in 2020, 68% paid the ransom.

However, organizations are likely to experience various risks if they pay hackers. From data loss and contravention of the corporate insurance policy to possible criminal penalties, these consequences can cause even more damage to your organization's operations. Paying the ransom also puts your business at increased risk for a ransomware attack in the future and encourages other hackers to enter the cybercrime business.

Data Loss  

When a business considers making ransom payments, it wants to be sure the cybercriminals will provide the key to decrypt its files once it pays. After all, the reason it would consider paying the enormous sum hackers often demand in the first place is to recover its information.

Ransomware authors are incentivized to release encryption keys to ensure organizations keep paying. If cybercriminals become known for failing to release data, organizations will no longer have the hope of recovering their files once they pay. Eventually, businesses will be less likely to comply with future demands. An organization's trust in the hacker's promise to return the data is its motivation to pay.  

Despite what the hackers say when trying to convince the victim to make ransom payments, there is no guarantee they will give the data back afterward. One study of the outcomes for companies hit by a ransomware attack found that of the businesses that pay the first ransom, only 60% regain data access.

An additional 32% paid further ransoms before retrieving their data, while 8% never regained their stolen information. The chance of losing your data forever may seem slim, but the results could be devastating.  

Paying the first ransom may not solve the issue. If a business decides to comply with the ransom request, the hacker will likely request more money. Even if the hacker provides the encryption keys immediately, it could take the organization weeks or months to restore its encrypted information. In this case, paying the ransom leads to continued downtime and loss of income.  

That's why a fortified data risk mitigation strategy is the best method for preventing data loss in the first place.

Contravention of Your Insurance Policy  

Many insurance carriers now offer cybercrime and ransomware insurance for businesses and other organizations. As cybercrime events become more frequent, more organizations are becoming interested in cyber insurance as a measure of financial protection. Insurance providers design cyber insurance policies to cover various costs related to ransomware attacks and other cybercrime.

Having this type of coverage could be extremely helpful in the event of a ransomware attack. An insurance policy could cover repair costs, ransoms, and other expenses. Some business interruption policies may also cover costs related to a ransomware attack. A cyber insurance carrier may also assist in a resolution by sending ransomware specialists to negotiate with the hacker. Cyber insurance can provide a business with peace of mind that the cost of paying a ransom, decrypting data, and more could all be covered.

However, businesses should always check their insurance policies before paying a ransom. Whether or not a policy covers ransom depends on its stipulations and the details of the ransom. Some policies specify that paying a ransom will contravene an organization's coverage. In this case, paying the ransom could invalidate an organization's entire cyber insurance policy.  

Even if a business is insured and covered for ransomware payments, it can expect some difficulties with its cyber insurance renewal and may experience a premium increase. An uptick in the cost of cybercrime also brings increased cyber insurance premiums, which recently rose by an average of 35% in the United States.

Possible Criminal Liabilities and Penalties  

Besides data loss and adverse changes to their cyber insurance policies, organizations could also face possible criminal liabilities for paying a ransom. In these cases, failure to comply with regulations or report a ransomware attack could land organization officials in prison or subject the business to hefty fines.

Some countries have laws against ransom payments, making it illegal to comply with cybercriminals' demands for funds. For example, the United Kingdom's Terrorism Act 2000 lists offenses that could encompass making ransom payments for encrypted data. These offenses include making payments to, or entering into a funding arrangement with, an actor while knowing or reasonably suspecting that the funds will be used to fund terrorism. Under this act, the payment of ransoms, even for encrypted data, is an act of terrorism.

Organizations must also be aware that paying a ransom could put them at risk of violating sanctions. The U.S. Department of the Treasury recently released a ransomware advisory alerting businesses that ransom payments could constitute a violation of the Office of Foreign Assets Control's regulations. The advisory warns that paying ransoms to malicious actors threatens the U.S.'s national security interests. Because of this threat, ransom payments could warrant an enforcement response from OFAC, like a monetary penalty.

While paying ransoms isn't illegal in the U.S., the Federal Bureau of Investigation (FBI) does not support paying ransoms for a ransomware attack. However, the FBI also doesn't support a proposed ransom payment ban, arguing that the solution could lead to more potential for extortion. Instead, the FBI encourages companies to invest in cybersecurity solutions to protect themselves from ransomware attacks.  

Increased Vulnerability for Future Attacks  

Ransomware attacks occur when cybercriminals infiltrate a business's network or systems and gain unauthorized access to sensitive data. After one ransomware attack, organizations may think they can prevent further crises by improving their cybersecurity practices. Some decision-makers might decide that paying the first ransom is worth it if they can get back to work faster and push off making a plan to prevent future ransomware attacks.

Paying a ransom without implementing more robust security controls is a recipe for disaster. Without stronger security, the system is just as vulnerable after the ransomware attack as it was before. It may even be more exposed because the hacker now knows about the system's workings. Even if an organization tightens its network security after one attack, the cybercriminals could have already planted viruses or created a backdoor for future attempts.

Paying a ransom gives attackers a chance to learn about an organization and its network. During their dealings or negotiations with the hackers, organization officials may accidentally let slip valuable information about the system. Whether it was unknowing or under pressure, officials could disclose passwords, usernames, or other sensitive material. Savvy hackers could carefully mine these interactions to gain valuable leverage for later attacks.  

Complying with a cybercriminal's demands for funds also makes them more likely to strike the same organization again. When a hacker knows a company will pay a ransom, that company could become an even greater target.

Reinforcement and Funding of Criminal Activity  

Cybercrime is a lucrative enterprise — the average cost of a data breach worldwide is $4.24 million. Industries like healthcare and financial enterprises take the most significant hits. Whether these expenses are ransom payments or recovery costs, they represent significant losses for an organization.

The cost of a ransomware attack is likely due to the valuable nature of the stolen and encrypted data. Cybercriminals typically go after bank information, credit card numbers, industry secrets, and other sensitive data. Hackers can make a substantial amount from their illegal activities if they can access the right information and the business is willing to pay. Hackers who engage in this organized crime may be drawn to the potential for high earnings from their blackmail.

Paying cybercriminals for the release of encrypted data encourages them to keep conducting ransomware attacks. Malicious actors will continue engaging in cybercrime as long as it is profitable. Each time a victim pays the ransom, cybercriminals are more emboldened to attack systems and acquire data for their own use.

Ransom payments can also fund other criminal activity, especially if the ransomware gang is part of a larger crime organization. Unfortunately, organizations generally can't discover what the ransomware gang intends to do with their stolen information.

Ransoms could fund several kinds of other criminal behavior:

  • Terrorism: Cybercriminals may be part of a terrorist group, whether international or domestic. Terrorist groups may use cybercrime funds to finance illegal and malicious activities.  
  • Additional ransoms: Some ransomware gangs may sell an organization's data to another group that will attack with the same motives. Additional ransoms could lead to widespread identity theft, threats to national security, and much more.  
  • The threat of ruining the organization's reputation: The hackers may engage in extortion, threatening to expose an earlier ransom payment unless the organization provides more funds. This could be a powerful motivation in countries where making ransom payments is illegal. Even in other locations, some businesses may be desperate to keep the ransom out of the media.  

The Best Solution — Ransomware-Ready Backups  

The options for dealing with a ransomware attack may look bleak — lose your data if you don't pay and lose your information if you do. Yet if your organization is victimized by a ransomware attack, complying with the demand for funds is never the ideal solution. The list of risks far outweighs the benefits and illustrates that you should not pay the ransom. However, you still want to recover your lost or stolen data.  

There are data recovery solutions other than making ransom payments. An encouraging 84.5% of global businesses victimized by ransomware recovered their data without paying the ransom. This number is significantly higher than the share of those who paid the ransom before recovering the information. These businesses found another way to recover from a ransomware attack, and many organizations can do the same.

The best solution to the threat of ransomware attacks is to have a ransomware-ready backup. Backing up your files and data can ensure multiple copies are accessible. Even if the original file becomes compromised, companies can access their critical information through the copies. Backups enable organizations to continue their operations and remove the pressure to pay the ransom.  

A ransomware-protection backup solution provides resilient, high-security protection from ransomware attacks. A robust backup and disaster recovery plan helps organizations mitigate the risk of ransomware and reduce the cost of downtime in the event of an attack.

Defend Your Company Against Ransomware  

A ransomware-ready backup solution helps companies recover from attacks and prepares them to feel confident in their disaster recovery plan. When searching for a ransomware-ready solution for your organization, partner with HYCU.

HYCU is an award-winning, multi-cloud backup and recovery solution.

With HYCU, companies can deploy cloud backups in minutes and recover data with just one click.

The simple interface and native tech integration provide data resiliency and help organizations manage their workload.

To experience HYCU for free, schedule a demo of HYCU Protégé today!


Subbiah Sundaram is the SVP, Product at HYCU. Subbiah spearheads product management, product marketing, alliances, sales engineering, and customer success with more than 20 years' experience delivering best-in-class multi-cloud data protection and on-premises solutions. A Kellogg Management School MBA graduate, Subbiah has worked with leading companies such as EMC, NetApp, Veritas, BMC, CA, and DataGravity.
