Should Companies Pay Cyber Ransoms?

Austen Clark, managing director of Scottish IT specialists Clark Integrated Technologies, says that a ransomware demand can be commercial suicide for a business, as it has the potential to ruin the business's reputation, send share prices plummeting and leave it struggling to recover from the damage done.

Austen’s advice is simple - prevention is better than cure.

“Should companies pay cyber ransoms? The answer is that they should never have been in the position to be ransomed in the first place.

“Ransomware has been the most financially successful hacking tool over the past four years. Revenues from ransomware have been increasing exponentially year on year – in 2106 a 6,000% increase in revenues was reported.

“It is also one of the most publicised forms of attack, so companies really have no excuse for failing to have appropriate backups, data recovery and updates in place. This is always preventable – hence why a business should never find itself in this position.”

Even after an organisation has been compromised, it should not consider paying a cyber ransom, says Austen.

“By paying the attackers, you have confirmed that their method works, and paying a ransom does not guarantee you will get your data back. These are dishonest people, and even when you hand over the ransom they might not do the right thing. It has been well documented that they do not always release all of the data, holding out with additional requests.”

As long as companies continue to pay up, hackers will keep striking in this way.

Austen adds: “There are few that will admit to an attack – and even fewer that will admit paying up, so this is vastly under-reported, but this has crippled companies before, and it will again. Organisations like Nayana will be in the press for a long time and for all the wrong reasons.”

Austen outlines practical preventative measures relevant to all businesses to defend against a ransomware attack.

  • Install a current version of antivirus/anti-malware software and keep it updated.
  • Update and patch the computer operating system when advised by your vendor.
  • Update and patch applications when advised.
  • Be vigilant and be suspicious: training to recognise a possible attack is recommended.
  • Make regular backups of all of your data.

Austen concludes: “If you follow these points you will avoid a ransomware attack, which really is the best defence. In the event of falling victim, you can restore your information and not have to pay a ransom. Back up data to a separate source like a Data Centre, Cloud, or external hard drive, basically anywhere but your current source.”