Should You Pay The Ransomware Demand?


Ransomware news seems never-ending, but the most recent example is particularly pertinent to the subject: the Indonesian government refused to pay the ransom after a ransomware attack succeeded against a core data centre. It is relevant because, with the Australian government moving towards legislation that may ban ransom payments, it is imperative for entities to adopt robust cybersecurity controls that reduce the likelihood of a successful attack and remove the need to capitulate to cybercriminal demands.

Legislative Direction

The Australian government’s proposed Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 signals a shift towards criminalising ransom payments. This legislative move aims to deter ransom payments, which ultimately fund further cybercriminal activity, and to encourage the adoption of stronger cybersecurity measures. It also underscores the urgency for organisations to develop ransomware-resistant strategies.

Deterrence Through Preparedness

Even without a legal mandate, it is a good idea to have an alternative to paying the ransom, because paying fuels the ransomware economy and offers no guarantee of recovery. Statistics reveal several critical insights:

  • Declining Success for Ransom Payers: Only 32% of organisations that pay the ransom recover their data, making it a risky and often ineffective strategy (CyberEdge, 2024).
  • Rising Extortion Complexity: Nearly 4 in 5 (78%) ransomware attacks include one or more additional threats beyond data loss, such as data leaks or further extortion, complicating the impact on victims and reducing the efficacy of payment as a solution (CyberEdge, 2023).
  • Increasing Ransom Payments: The average ransom payments are rising, placing a significant financial burden on organisations that choose to pay (Coveware, 2024).

Instead, implementing proactive cybersecurity measures such as regular backups, employee training, and network segmentation can significantly reduce the likelihood of a successful ransomware attack. For example:

  • Regular Backups: Regularly backing up data ensures that data can be restored after an attack without paying the ransom.
  • Employee Training: Educating employees on recognising phishing attempts and other common ransomware vectors can prevent the initial infection from succeeding.
  • Network Segmentation: Dividing a network into smaller, isolated segments can prevent the spread of ransomware across the entire network.
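A backup is only an alternative to paying if the restored copy can be shown to match what was backed up. The following added example (not code from the original post or its author) illustrates that check: it records a SHA-256 manifest of a file tree at backup time and later compares a restored tree against it, reporting files that are missing or whose contents no longer match. The directory layout, file names and the simulated "encrypted" file are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 at backup time."""
    return {
        str(path.relative_to(root)): file_sha256(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest taken when the backup was made.

    Returns the files that are absent and the files whose hash differs; the
    restore is only trustworthy when both lists are empty.
    """
    missing, corrupted = [], []
    for relative, expected in manifest.items():
        candidate = restored_root / relative
        if not candidate.is_file():
            missing.append(relative)
        elif file_sha256(candidate) != expected:
            corrupted.append(relative)
    return {"missing": missing, "corrupted": corrupted, "ok": not missing and not corrupted}


def demo() -> dict:
    """Constructed scenario: back up a tiny tree, then check a flawed restore.

    One file is 'restored' with encrypted-looking contents (as if the backup
    job had captured an already-encrypted copy) and one file was never restored.
    """
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "readme.txt").write_text("quarterly figures\n")

        # In practice the manifest is stored with the offline or immutable copy,
        # never only on the host it describes. Serialising it here stands in for that.
        manifest_json = json.dumps(build_manifest(live), indent=2)

        restored = Path(tmp) / "restored"
        (restored / "finance").mkdir(parents=True)
        (restored / "finance" / "ledger.csv").write_bytes(b"\x00garbled-constructed-sample\x00")
        # readme.txt is deliberately absent from the restored tree.

        return verify_restore(json.loads(manifest_json), restored)


if __name__ == "__main__":
    print(demo())
```

Running the script prints a result with `ok` set to `False`, `readme.txt` listed as missing and `finance/ledger.csv` listed as corrupted. Scheduling this comparison against a periodic test restore is what turns "we have backups" into "we can recover without paying".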

Cost-Effective Solutions

Investing in preventative cybersecurity solutions is not only a moral and potentially legal obligation but also a cost-effective approach compared to the financial and reputational damage of ransom payments and potential data loss. Consider these impacts:

  • Financial Burdens: For one example of how expensive ransomware attacks can be, consider Change Healthcare and the massive financial impact it encountered due to ransomware attacks. Change Healthcare paid a $22 million ransom but faced total costs of $870 million in Q1 2024, with full-year costs estimated at $1.4 to $1.6 billion (CyberEdge, 2024).
  • Broad Industry Impact: Ransomware affects a wide range of industries, including healthcare, finance, and manufacturing, underscoring the universal need for robust cybersecurity measures (Coveware, 2024).
  • Root Causes: Common causes of ransomware attacks include phishing, weak passwords, and unpatched software, all of which can be mitigated through proper cybersecurity practices (Sophos, 2024).

Funding Organised Crime and Hostile Nation-States

Paying the ransom is akin to funding organised crime and may also benefit hostile nation-states that use ransomware organisations much as nations used “legitimate pirates” (privateers) in the 17th and 18th centuries. Cybercriminals use the funds obtained from ransomware attacks to further their illicit activities, perpetuating a cycle of crime and escalating the scale and sophistication of future attacks. By refusing to pay ransoms, organisations can collectively diminish the profitability of ransomware operations and contribute to the broader effort of dismantling cybercrime networks.

Creating a Hostile and Resilient Environment

Organisations need to spend more time on preparation—creating an environment that is simultaneously hostile to ransomware and resilient against potential attacks. This includes:

  • Enhanced Cyber Hygiene: Regularly updating software, employing multi-factor authentication, and maintaining strict access controls.
  • Incident Response Planning: Developing and regularly updating incident response plans to quickly address and mitigate ransomware attacks.
  • Continuous Monitoring: Implementing continuous network monitoring to detect and respond to suspicious activities in real time.
  • Threat Intelligence Sharing: Participating in threat intelligence sharing communities to stay informed about the latest ransomware threats and tactics.
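Continuous monitoring is only useful if something concrete is being looked for. The following added example (not code from the original post or its author) shows one common ransomware detection heuristic applied to constructed file-activity events: a single process renaming many files to a new extension on one host within a short window. The event format, host name, process names and thresholds are assumptions made for the example; real telemetry would come from an EDR agent or file-audit logging.

```python
import os
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events in a "timestamp|host|process|action|detail" form.
# explorer.exe renames one file but keeps its extension; updater.exe renames
# five documents to a new extension within three seconds.
SAMPLE_EVENTS = """\
2024-06-20T09:00:01|ws-17|winword.exe|WRITE|C:\\Users\\amy\\Documents\\report.docx
2024-06-20T09:00:05|ws-17|explorer.exe|RENAME|C:\\Users\\amy\\Downloads\\invoice.pdf -> C:\\Users\\amy\\Downloads\\invoice-final.pdf
2024-06-20T09:12:00|ws-17|updater.exe|RENAME|C:\\Users\\amy\\Documents\\q1.xlsx -> C:\\Users\\amy\\Documents\\q1.xlsx.locked
2024-06-20T09:12:00|ws-17|updater.exe|RENAME|C:\\Users\\amy\\Documents\\q2.xlsx -> C:\\Users\\amy\\Documents\\q2.xlsx.locked
2024-06-20T09:12:01|ws-17|updater.exe|RENAME|C:\\Users\\amy\\Documents\\budget.docx -> C:\\Users\\amy\\Documents\\budget.docx.locked
2024-06-20T09:12:02|ws-17|updater.exe|RENAME|C:\\Users\\amy\\Documents\\notes.txt -> C:\\Users\\amy\\Documents\\notes.txt.locked
2024-06-20T09:12:03|ws-17|updater.exe|RENAME|C:\\Users\\amy\\Documents\\plan.pptx -> C:\\Users\\amy\\Documents\\plan.pptx.locked
2024-06-20T09:12:03|ws-17|updater.exe|WRITE|C:\\Users\\amy\\Documents\\HOW_TO_RECOVER.txt
"""

WINDOW_SECONDS = 60   # assumed sliding window for counting renames
THRESHOLD = 5         # assumed number of extension-changing renames that triggers an alert


def parse_event(line: str) -> dict:
    """Split one pipe-delimited event line into its fields."""
    timestamp, host, process, action, detail = line.split("|", 4)
    return {
        "ts": datetime.fromisoformat(timestamp),
        "host": host,
        "process": process,
        "action": action,
        "detail": detail,
    }


def extension_changed(detail: str) -> bool:
    """True when a RENAME detail of the form 'old -> new' changes the file extension."""
    if " -> " not in detail:
        return False
    old, new = detail.split(" -> ", 1)
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()


def detect_mass_rename(lines) -> list:
    """Alert once per (host, process) that changes extensions on THRESHOLD or
    more files inside WINDOW_SECONDS. Events must arrive in time order."""
    recent = defaultdict(deque)   # (host, process) -> timestamps of qualifying renames
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        if event["action"] != "RENAME" or not extension_changed(event["detail"]):
            continue
        key = (event["host"], event["process"])
        window = recent[key]
        window.append(event["ts"])
        # Drop timestamps that have fallen out of the sliding window.
        while (event["ts"] - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append({
                "host": event["host"],
                "process": event["process"],
                "count": len(window),
                "first_seen": window[0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

On the sample data this raises a single alert for `updater.exe` on `ws-17` after its fifth extension-changing rename; the earlier `explorer.exe` rename is ignored because the extension did not change. Tuning the window and threshold to a host's normal activity is what keeps the rule from firing on legitimate bulk operations such as archive tools.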

As ransomware continues to pose a significant threat to organisations worldwide, the strategy of paying the ransom is increasingly proving to be a flawed approach. With the Australian government’s potential ban on ransom payments, organisations must instead focus on robust, proactive cybersecurity measures. By investing in employee training, regular backups, and advanced security technologies, organisations can defend against ransomware attacks and avoid the dire consequences of capitulating to cybercriminal demands.

Implementing these strategies not only helps in compliance with emerging legislative requirements but also ensures long-term protection against ransomware threats.

To safeguard your organisation against ransomware, start implementing these strategies today. Regularly review and update your cybersecurity measures, educate your employees, and invest in advanced security technologies. Together, we can make ransomware a less profitable and less frequent threat.

References

CyberEdge, 2024. 2024 Cyberthreat Defense Report. CyberEdge Group.

CyberEdge, 2023. 2023 Cyberthreat Defense Report. CyberEdge Group.

Coveware, 2024. Q1 2024 Quarterly Ransomware Report. Coveware.

Sophos, 2024. The State of Ransomware 2024. Sophos.
