To pay or not to pay after a ransomware attack?

It can really hit anyone. Security experts explain how companies should react to ransomware attacks.

It usually only takes seconds: a file is opened, sometimes a script runs, the ransomware executes and immediately starts spreading in the company network. Even if there were an emergency protocol for this worst-case scenario, it would not include payment of a ransom.

Many companies mistakenly assume that they are well armed against such attacks. They overestimate their security systems or their staff – this applies to both SMEs and larger companies. In May 2017, the whole country was even able to witness an attack when the payment request for the ransomware WannaCry was displayed on almost every newer Deutsche Bahn display.

Most attacks, of course, have a smaller audience. But thanks to the GDPR and the obligation to report an attack in which data is likely to have leaked, reports are almost the order of the day.

Anyone can be a victim

Well prepared or badly prepared, every company is a potential target for ransomware criminals. After a successful attack, companies keep asking themselves the same questions: What can we do now? Should we pay? At the latest when managers and financial experts are sitting at the table alongside the security people, the question of paying ransom becomes an economic decision. This is what happened at the US pipeline operator Colonial in May of this year. So many of the pipeline’s control systems were encrypted that operations had to be stopped. The official statement: the damage to the system could not be assessed, so it was not possible to say for sure when the pipeline would be able to go back online. With this in mind, Colonial Pipeline paid $4.4 million in bitcoin. But the decryption tools supplied by the blackmailers only partially repaired the damage, so the pipeline could only be restarted in emergency mode. Further costs were incurred for the repair of the control systems.

As in the case of Colonial Pipeline, ransomware-hit companies keep opting, behind the scenes, to pay the ransom because they believe it is the lesser evil. Often, particularly bold number crunchers in the company calculate with a sharp pencil the damage that occurs when certain data is lost or has to be re-entered, or when parts of the current business cannot be processed. This is then compared with the sum of the ransom. Some companies have already learned painfully that such calculations are mostly nonsense: in their calculation they had forgotten that they were mending a compromised system, only to find out soon afterwards that the attackers still had full access to it. Rebuilding and relaunching the entire corporate network was inevitable.

The Irish health service HSE showed that there is another way. Also in May of this year, hackers encrypted important data, so that hospitals had to cancel numerous treatment appointments. Those responsible at HSE shut down the systems, set about restoring the systems and data, and publicly announced that they would not pay any ransom but would rather use the money to restore and rebuild the systems. According to experts, this decision has made another ransomware attack on HSE much less likely. Attackers primarily seek out targets from which they expect to get ransom money.

Zero ransom demand

The problem of ransomware has now also reached politics. It has been understood there that every dollar, euro or bitcoin paid finances new attacks. Politicians are therefore demanding that this come to an end. US President Biden recently took the first step towards a zero ransom strategy. It was determined that a reported ransomware attack is equated with a terrorist attack. This classification allows extended access to resources for the protection of national security. In Great Britain, too, voices are growing louder in favor of a zero ransom strategy. Spokesmen for the cybersecurity center of the secret service GCHQ are even calling for a legal ban on ransom payments to hackers because the ransom is used to finance organized crime.

In Germany there are political talks on the subject, but no concrete steps. These would be necessary, as an article on “Zeit Online” from June 2021 shows: at least 100 German offices, government agencies, clinics, city administrations and courts have been attacked by ransomware gangs in the past six years.

com! professional asked a large group of experts and manufacturers in the security industry how companies should react in the event of a ransomware attack. Their statements follow.

Source: com! professional by
