How much should you pay to decrypt ransomware? Pros and cons

Estimated reading time: 8 minutes

Great coaches often recommend focusing your energy on activities that move the business forward. Only do what only you can do. If you want to grow a thriving company, you’ve got to put in the time where it matters most – on getting your business in front of the right people.

We’ve all fallen prey to a packed schedule with late nights. But have you ever fallen prey to a cyber attack?

Try not to imagine the following in too much detail (because it’s scary): One day, you’re dropping off your kids at school. You aren’t thinking too hard about work, because you’ve got a team, and you’ve built a successful system where your employees do a pretty good job keeping the wheels turning. Life’s great – and you earned it. Suddenly, you get a buzz on your phone. The blood drains from your face as you read the text. “All systems are down. We need you here, NOW.”

This is what happens when your business falls prey to a ransomware onslaught: all your essential data is rendered inaccessible. Your payment systems don’t work. Customers are calling, but your staff can’t pull up their files. And then it happens: there’s a big ugly message on every screen: Cybercriminals present you with a hefty ransom demand, coupled with an unconventional proposition to defer payment. It’s like a “buy now, pay later” scheme from hell.

What’s more, recent developments show the bad guys are getting craftier, confronting businesses with some nausea-inducing choices. You might be enticed with a “discount” to avert public exposure of your compromised data (or secure its deletion), with the negotiation process adding a disturbingly personal element to the ordeal: “Pay up, or we’ll humiliate you in public.

To amplify the pressure, cyber crims are playin’ dirty yo. They’re utilizing tactics like countdown timers and public smear campaigns, all aimed at coercing you into crying “Uncle!” when you succumb to their demands.

But there’s a catch: paying a ransom is often a huge mistake. First, there’s zero guarantee of getting your stuff back. Second, it sends a signal to your captors that they can do it again – after all, they got away with it the first time. If the cow gives milk – why not keep on squeezing said cow until it rolls over and files for creditor protection? Further, such payments fuel additional crime sprees, potentially entangling your business in a web of legal trouble.

OK, enough of the scary stuff. What’s the best way to stop these cyber shenanigans from unfolding? Strengthen your defenses:

  • Keep a copy of your data offsite. Test your backups regularly. Remember, a backup is only a backup if it works and isn’t compromised along with the rest of your stuff.
  • Knock some sense into your staff with regular cyber security training. Teach them what email phishing scams look like, and how to avoid opening emails with sus attachments, bad formatting and weird looking links.
  • Invest in modern cyber security platforms. Forget antivirus. Well okay, you still need it, but it’s not gonna help with a crafty zero day. What you need is some robust threat monitoring to keep them baddies from proliferating.
  • For the love of IT folks everywhere: PLEASE. PATCH! There’s nothing worse than a big ol’ CVE exploit in your network just waiting for some script kiddie to get their greasy mitts on. Pick a weekend for some downtime. The cost is gonna be a lot more than your bottom line if you don’t.
  • Stop giving people access to things they don’t need – including you. Segment your network and keep privileges limited to limit the spread of ransomware. Remember, all it takes is one.
  • Have an incident response plan. You’ve planned for everything else, including your retirement. You don’t want to retire broke because some punk hacked into your network and ruined your business. Know what to do if you get hit, so you can get back up and running quickly, without data loss.

Yielding to ransom demands merely perpetuates the cycle of cybercrime. Investing in preventative measures not only protects your business but also contributes to a collective resistance against these unethical practices.

Frequently Asked Questions (FAQs)

How can business respond to a ransomware attack?

Immediate steps include isolating infected systems, assessing the scope of the breach, and contacting cybersecurity experts.

Can antivirus stop a ransomware attack?

In many cases, sophisticated ransomware attacks can bypass antivirus software. Therefore it’s more important to limit access to systems wherever possible.

Are regular data backups effective against ransomware?

Yes, they can significantly mitigate the impact by providing a way to restore encrypted data without succumbing to ransom demands.

Why is staff training crucial in defending against ransomware?

Educated employees can identify and avoid potential threats, acting as the first line of defense against cyber attacks.

Can small businesses afford effective cybersecurity?

Yes, through prioritized investments and leveraging affordable, scalable cybersecurity solutions.

Responsive. Proactive. Leap Cloud Solutions.

Why gamble with your IT investment?

“I’m tired of IT systems that are operating poorly. Tired of expensive & limited solutions that don’t scale with the business. Tired of support applying short-term bandaids to long-term problems. I want a solution that scales without any IT hassles. I want technology to be an aid, not a burden. And I want a team of experts I trust to lead the way. I’m ready.”

Well said. Let's make that happen.

"Leap Cloud Solutions is extremely responsive and thorough. We have found that throughout our communications, their team is very knowledgeable and wants only the best for their clients. Our firm is impressed."

Nolan G. Westlin

Aaron Gordon Daykin Nordlinger LLP

“We hired Leap Cloud Solutions to update our large physician group’s IT platform. Joel and his team provided a sound plan and stream-lined implementation. Leap was very responsive to the challenges we faced.”

Dr. Kevin Froehlich

VH Anesthesia Services