5 Important Questions to Answer Before Ransomware Negotiations

In today’s digital world, threats like ransomware are increasingly prevalent. With cybercriminals improving their attack methods and leveraging the opportunities created by the shift to remote work, ensuring your business-critical data is protected and secure – and available for recovery – is vital.

If a ransomware attack is successful, there are five questions to ask before acting.

1. Is paying the ransom legal?

Different countries handle this cybersecurity question differently.

In the U.S., the FBI has long stated they do not support ransomware payments. In 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) published an advisory that those making ransomware payments risk violating regulations and could face prosecution. In the U.K. or E.U., while it is not illegal to make a ransomware payment, it opens the door to potential charges of money laundering, financing of terrorism, and funding criminal activity.

2. Does paying the ransom work?

Paying a ransom may seem like the only way to regain access to your data, but it’s no guarantee.

In reality, you likely may face other pressure tactics such as double extortion (exfiltration of sensitive business data stolen before the encryption attack) or a denial-of-service attack (DDoS) that could bring down web-facing systems.

3. What is the possible impact of an attack on your organization?

For your business, a ransomware attack can mean:

How long can you avoid these dangers without your data? Only you can weigh the costs and risks.

4. Will your cyber insurance cover it?

Cybersecurity insurance (or cyber insurance) mitigates losses from data breaches, business interruptions, network damage, and similar events – rewarding efforts to reduce risks with greater insurance coverage.

Despite its availability, many businesses don’t purchase cyber insurance because they consider the policies too expensive or too confusing. Like all insurance, however, the question is: How expensive will not having it be to your business when the inevitable attack occurs.

Cyber insurance policies are rarely one-size-fits-all, so it is best to seek help from an experienced broker who can tailor coverage that best meets your needs.

5. How good are your restore capabilities?

Proactive prevention is your best strategy to avoid cyberattacks. If those protective measures fail, though, understand that traditional recovery plans won’t meet today's protection challenges.

Modern recovery after a cyberattack is a different use case – one that requires a different type of recovery plan. To protect your business, you must develop an adaptive risk management strategy integrated with a functional, agile approach. Three main areas to focus on include:

In the end, only you can decide if paying a ransom is right for you, but making that decision means understanding the realities of what the breach means for your business, how it will affect you in the future, and what the costs are beyond the ransom.

Remember: If your business is successfully hit by ransomware, you could be targeted again. Take action now to prevent future attacks.