According to a survey conducted by ThycoticCentrify, almost three in every five companies have become a victim to a ransomware attack in the past 12 months in United States. And most of them think that paying a ransom is wise in ransomware attacks as it helps them recover all encrypted data at once and will assure minimal downtime.
Stephanie Welsh from Cisco Talos is advising companies not to pay any ransom for two reasons. First, it doesn’t assure a decryption key for sure as soon as a ransom is paid. And second, hackers might target the company’s IT infrastructure again as they treat it as a soft target of making easy money as soon as a ransom is paid in the first cyber incident.
In November 2019, FBI issued a warning that companies should not bow down to the demands of those spreading ransomware as it can backfire against them within no time. However, in March 2020, the law enforcement agency issued an update stating that companies need to think wisely if they have become victims of ransomware attacks.
Meaning if there is no other choice left to them, then they can pay ransom to recover data.
It is better to be proactive rather than being reactive in such circumstances by keeping a data continuity plan on hand. Keeping a threat monitoring solution on hand also helps in such situations, as it issues an alert about any intrusion before any untoward takes place.
So, companies should start focusing and allotting budget for incident response plans. As such investments make complete sense in the event of a digital business disaster.
