July 11, 2019 | Cyber Security, Industry Insights

Ransomware. To Pay Or Not To Pay? That Is The Question.

Share This:

If you haven’t been the victim of a ransomware attack yet, you may be someday soon. According to research by the cybersecurity company, Malwarebytes, six of every ten malware infections during the first quarter of 2017 were attributed to ransomware.1 If and when it happens to you, you will have to decide whether to pay the ransom or not. Here are some things to consider that may help in coming to the right decision for you.

If You Decide To Pay

If you pay the ransom, you may get your data back and your operations can return to normal. You can reduce business interruption, although investigation and remediation of any damage to the system is still necessary.

If you pay the ransom, at least there’s a better chance of getting your data back. But there are a few things to consider. First off, bad guys aren’t known for keeping their word. In recent large-scale attacks, the emails associated with digital currency payments were disabled shortly after the attacks and there was no way for the attackers to track who paid ransom and who did not. In other attacks, hackers simply took the money and never provided the encryption keys. In still others, once a ransom was paid and the attackers provided the encryption key, they returned and attacked again.

Another thing to consider if you decide to pay the ransom is that you will likely need to purchase digital currency to do so. That is not the easiest thing to do when you’re under pressure and have never done it before. Bitcoin is usually the currency requested and can be purchased through an online exchange, but the transaction is not immediate. It can take anywhere from 24 hours to several days to set up an account and process a transaction. For that reason, if you determine that you’re inclined to pay ransom, you may want to purchase some Bitcoin or other digital currency to have on hand to facilitate the transaction. However, be mindful that you will need to have access to the funds should your system become encrypted, so you will want to set up your account and store your currency somewhere separate from the system you wish to protect.

Although the media have reported a few ransomware cases with demands that range from tens of thousands to millions of dollars, the average demand in 2016 was $679.2 If you plan to purchase digital currency to have on hand in case of a ransomware event, purchasing between $300 and $1,000 would meet the demands of most attackers.

If You Refuse To Pay

The Federal Bureau of Investigation strongly urges us not to pay ransom.3 Paying ransom fuels the ransomware business, providing incentive for the bad guys to keep on doing it.

The down side of refusing to pay is that you won’t be able to access your data, at least not right away. This is where it’s important to have a forensic investigation to determine what type of ransomware was deployed. If you know the type of malware, the chances of resolving the issue are much higher. In many cases, security companies publish free encryption keys that unlock particular ransomware.

Yet, if you are diligent about back ups—backing up to the cloud and to a removable device—you may be just fine. The most inconvenience and expense attached to the attack may be the time spent installing your backup.

An Ounce of Prevention Is Worth More Than Paying Up In Bitcoin

There are two simple things you can do now to reduce your chances of becoming a victim of a ransomware attack. First, make sure your data is backed up both to the cloud and to a removable device, like a flash drive or removable hard drive. Ensure the data are backed up and make sure that when the back up is done that the removable device is disconnected. More sophisticated ransomware attacks encrypt the computer, the network, cloud files and devices attached.

Second, install security updates to your operating system, software and devices. If you keep on getting messages flashing at you to “install updates,” do it. The most recent ransomware attacks that caused the most damage worldwide exploited the fact that companies and individuals did not take the time to install security updates even though they were free and available.

 

Contains copyright material with permission from The Hartford Steam Boiler Inspection and Insurance Company.

 

——————

1 Malwarebytes, “Cybercrime Tactics and Techniques, Q1 2017.” (https://www.malwarebytes.com/pdf/labs/Cybercrime-Tactics-and-Techniques-Q1-2017.pdf)

2 Symantec, “An ISTR Special Report: Ransomware and Business 2016,” (https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransom ware_and_Businesses.pdf)

3 FBI Public Service Announcement, “Ransomware Victims Urged to Report Infections to Federal Law Enforcement,” September 15, 2016. (https://www.ic3.gov/media/2016/160915.aspx)

Share This:

Related


Guarding Against Fictitious Pickups and Cargo Theft: Tips and Training

Fictitious pickups are increasing in North America. In the US, the percentage of cargo thefts due to fictitious pickup rose from 1% in 2022 to 17% in 2023. Strategic theft patterns are also rising, where thieves use identity theft and fraud with fictitious pickup and brokering schemes to obtain loads from freight locations. Combatting this […]

Cargo Insurance, Industry Insights

We are pleased to announce Karen Rzeszutko has been named President of Roanoke Insurance Group, effective August 1, 2023!

Karen has been a part of Roanoke for nearly 20 years. During this time, she has shown exceptional leadership skills and technical expertise in multiple customer-facing positions, such as Head of Marine & Liability Underwriting and Head of Liability Claims. Her most recent role was SVP, Chief Underwriting Officer, Marine at Munich Re Specialty Group […]

Industry Insights

Unlocking Success: The Key Elements of Carrier Vetting and Managing Liability

By: Andrew Johnson, Account Executive, Roanoke Insurance Group Inc. The freight brokerage industry as we know it today began in the late 1970s and early 1980s, around the time of the Motor Carrier Act of 1980. Before the passage of this landmark legislation, regulations were too restrictive to make freight brokerage a viable business segment. […]

Industry Insights

Roanoke is the leading provider of insurance and surety solutions for transportation and logistics providers. In fact, we are recognized as the most reliable source for U.S. customs bonds.

Contact

If you have any questions or need help, feel free to contact with our team.

800-762-6653

US CORPORATE HEADQUARTERS

1501 E. Woodfield Road

Suite 400W

Schaumburg, IL 60173


CANADA CORPORATE HEADQUARTERS

390 Bay Street

Munich Re Centre, 22nd Floor

Toronto, ON M5H 2Y2

Solutions that Go the Distance.

© 2024 Roanoke Insurance Group Inc. A Munich Re company

Better Business Bureau logoCoverholder at Lloyd's logo