PC Pro

The expert view Davey Winder


Most ransomware actors are not targeting businesses: the scattergun attack method of bulk phishing distribution catches enough consumer victims. Cybercriminals will always follow the money, and that money is much more likely to be paid by an individual than an enterprise. This explains why the average ransom asked during 2016 was £500. When it comes to businesses, though, recent research from Trend Micro (pcpro.link/272trend) suggests around 65% of victims pay the ransom. The reasoning varies from business to business, but getting on the wrong side of regulators and being fined accounted for 37%. Nearly a third said they paid because the ransom was affordable.

Which brings me on to probably the most controversial question within the security industry community: should you ever pay a ransom? I will buck the trend for saying “never” by suggesting that you should never say never. What you should say is “if everything else has failed then paying the ransom remains an option”. In that Trend Micro research, 60% of companies didn’t pay as they had the methods in place to get their data back and around 40% got help from law enforcement.

There are other things that should be on a ransomware victim’s to-do list. You could directly ask your security vendor for help, or head to the No More Ransom project (nomoreransom.org), which can aid data recovery efforts.

If you’ve tried everything else, and the data is valuable enough to your business, only then would I contemplate paying the ransom. While most crooks will do their best to hand-hold you through the data recovery process, and ensure it works, there are no guarantees. The business model revolves around ransom payers getting the data back, otherwise word would spread and nobody would pay.

And the final item on your to-do list: learn your lesson and put the necessary steps to defend against further attacks in place immediately.
