Insight and analysis on the information technology space from industry thought leaders.

5 Important Questions to Answer Before Ransomware Negotiations

Ensuring your business-critical data is protected and secure – and available for recovery – is vital.

ITPro Today

May 17, 2021

3 Min Read
Photo-of-man-in-suit-and-man-in-hoodie-sweatshirt-and-mask,-both-holding-a-laptop

In today’s digital world, threats like ransomware are increasingly prevalent. With cybercriminals improving their attack methods and leveraging the opportunities created by the shift to remote work, ensuring your business-critical data is protected and secure – and available for recovery – is vital.

If a ransomware attack is successful, there are five questions to ask before acting.

1. Is paying the ransom legal?

Different countries handle this cybersecurity question differently.

In the U.S., the FBI has long stated they do not support ransomware payments. In 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) published an advisory that those making ransomware payments risk violating regulations and could face prosecution. In the U.K. or E.U., while it is not illegal to make a ransomware payment, it opens the door to potential charges of money laundering, financing of terrorism, and funding criminal activity.

2. Does paying the ransom work?

Paying a ransom may seem like the only way to regain access to your data, but it’s no guarantee.

In reality, you likely may face other pressure tactics such as double extortion (exfiltration of sensitive business data stolen before the encryption attack) or a denial-of-service attack (DDoS) that could bring down web-facing systems.

3. What is the possible impact of an attack on your organization?

For your business, a ransomware attack can mean:

  • Temporary or permanent data loss

  • Complete operational shutdown

  • Revenue loss

  • Reputational damage

How long can you avoid these dangers without your data? Only you can weigh the costs and risks.

4. Will your cyber insurance cover it?

Cybersecurity insurance (or cyber insurance) mitigates losses from data breaches, business interruptions, network damage, and similar events – rewarding efforts to reduce risks with greater insurance coverage.

Despite its availability, many businesses don’t purchase cyber insurance because they consider the policies too expensive or too confusing. Like all insurance, however, the question is: How expensive will not having it be to your business when the inevitable attack occurs.

Cyber insurance policies are rarely one-size-fits-all, so it is best to seek help from an experienced broker who can tailor coverage that best meets your needs.

5. How good are your restore capabilities?

Proactive prevention is your best strategy to avoid cyberattacks. If those protective measures fail, though, understand that traditional recovery plans won’t meet today's protection challenges.

Modern recovery after a cyberattack is a different use case – one that requires a different type of recovery plan. To protect your business, you must develop an adaptive risk management strategy integrated with a functional, agile approach. Three main areas to focus on include:

  • Training. By educating your users through cybersecurity awareness training, you let them know the risks associated with their actions and limit the risk to your business.

  • Protecting backups. Backup files and processes are a frequent target for hackers, greatly impeding your recovery efforts. Avoid restoring infected data by scanning backups and archives to minimize risk.

  • Regular exercises. If you’ve never experienced ransomware before, you might not know what to do. Backing up and protecting your data properly is critical, but you must also be ready and able to recover too. Practice makes perfect.

In the end, only you can decide if paying a ransom is right for you, but making that decision means understanding the realities of what the breach means for your business, how it will affect you in the future, and what the costs are beyond the ransom.

Remember: If your business is successfully hit by ransomware, you could be targeted again. Take action now to prevent future attacks.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like