News
To pay or not to pay? Companies need help facing ransomware attacks
May 2024 by James Watts, Managing Director of Databarracks
We are in a vicious cycle of ransomware payments leading to more attacks, and more payments, says James Watts, Managing Director at Databarracks.
Commenting on the significance of this and whether or not ransomware payments should be banned, Watts said: Ransomware must be addressed as a global, societal issue. It is like the ’tragedy of the commons’. Individuals acting independently in their own best interest against the common good. A business might think they are right to pay the ransom to minimise their costs, but when thousands of organisations do the same, they feed into that vicious cycle.
“An outright ban is attractive because it would break the cycle. But although it’s a good argument, in practice it will lead to organisations going out of business or being unable to serve their customers, patients and citizens. That is not a viable situation.
“Australia came close to banning payment before ultimately backing down. The closest to a ‘ban’ in several countries is a restriction on payments to terrorist organisations – although often it is not possible for the victim to know exactly who the attacker is.
“The best route for organisations is to be able to choose not to make the payment. In order to do that, they first need to have an air-gapped, immutable backup that can’t be compromised. They also need to want to refuse the ransom. In some cases, the ransom will cost less than carrying out your own recovery.
“Without legislation and left to make decisions independently, some organisations will opt for the lower cost ransom payment rather than the hard work of recovery. The way to influence that behaviour is through cyber insurance. If your insurer tells you that your losses are only covered if you recover your systems and business rather than paying the attacker, organisations are guided to make the right choice.
“Cyber insurance is one of the few levers that can impact ransomware payments. For it to help raise the base level of preparedness, uptake needs to increase too. It is positive to see that despite the increase in cost and demand, the number of organisations with cyber insurance has also increased.
“44% of organisations that suffered a ransomware attack, paid the ransom. 34% recovered from backups, while 22% used ransomware decryption tools (Data Health Check 2022).”
