To Pay or Not to Pay: Should You Pay a Hacker for Your Data?
If you’ve been reading and following security best practices and you have purchased the Jungle Disk cybersecurity suite, this is unlikely to happen to you. If you haven’t, imagine this scenario: You go into work, you key up your laptop and a blank screen pops up stating:
“ALL FILES ARE ENCRYPTED. TO RESTORE, YOU MUST SEND $700 OR EQUIVALENT FOR ONE COMPUTER OR $5000 FOR ALL NETWORK ACCEPTED VIA BITCOIN.”
It sends chills down your spine because someone is in your house, with some of your most prized possessions. What’s most frightening is that your business depends on how you proceed. Should you pay the hacker to get back to work, or should you buy a new computer and forget the data? There are a lot of variables to consider when deciding whether to pay a ransom.
One question you should ask yourself is whether you have backups enabled and can restore the data being held hostage. If the answer is yes, then you can likely tell the hacker that you don’t negotiate with terrorists and wipe your computer, change your passwords, implement network security and go on your merry way. If you don’t, you may be at the mercy of your hacker, depending on how critical that data was.
If that’s the case, you should definitely find out whether you have cyber insurance, be it a standalone policy or wrapped into your business owners policy (BOP). If you do, find out what it covers. At this time, most policies that are wrapped into BOPs do not cover ransomware demands, but some do, and it’s important to let your insurance provider know if your system has been compromised. They may cover the demands or, at the very least, they may be able to help cover restoration costs or provide resources to investigate how the hacker got in. Many policies can help cover costs for data breaches and crisis management should your customer data be compromised. Either way, see what your policy covers.
The FBI strongly advises against paying the ransom. In an April 2016 press release, FBI cyber division assistant director James Trainor was quoted as saying:
“Paying a ransom doesn’t guarantee an organization that it will get its data back — we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
This is a critical point to make. Even if you absolutely MUST pay the ransom to get your business data back because the answers to all of the questions above are “no,” it would be wise to consider the impact you may have on ransomware as a threat to the community around you. Yes, you are only one case, but paying the ransom most certainly contributes to the rise.
Ultimately, if you are in the position to make decisions within the realm of data security for your company, you should be enacting data security best practices to ensure you never have to ask whether to pay or not pay a hacker. To test your network for free today, give us a call at 1-888-601-0401.