You have come to the point where your business might be considering a ransom payment to unlock your ransomware-encrypted files. After exploring all options and methods for recovering your data in a ransomware attack, you may be thinking about the ransom payment and its outcomes. Many ransomware victims are afraid and anxious to understand how paying the ransom will help them decrypt their files.
We want our readers to feel they have a better understanding of ransomware payments as an option to recover their data. Not every victim of ransomware will end up paying the ransom to unlock their files, and it is not an option for every ransomware attack.
If it is necessary (and the only option) for data recovery, our ransomware recovery experts help victims explore the choice of paying the ransom. Proven Data is committed to our clients and their recovery efforts, as we’ve assisted thousands of successful ransomware recovery cases. This guide provides a comprehensive look at whether you should consider paying the ransom and the results of that choice.
Should I pay the ransomware?
Before considering paying the ransom to recover your files, we recommend seeing if there is another method for recovery that you can explore. Unfortunately, some ransomware may leave you with the only option of paying the ransom to recover your files.
Assuming you have exhausted other options, business leaders need to ask themselves:
- Is this data critical to the immediate and future success of my organization?
- How fast do we need to restore our locked files?
- Will we close down if we don’t have these files back?
- Is it ethical to make a ransom payment?
Each of these questions will help guide the organization to make the right choice about paying the ransom as a means to unlock its files. The option of paying the ransom should only be considered if business leaders decide their data is necessary to keep the company afloat.
Is it legal to pay ransomware?
It is essential to consult with your attorney whenever in doubt and stay up to date with the latest legislation if you choose to make a ransom payment on your own. You may have questions about the legality of ransom payments as an option to regain control of your locked files. In the United States, it is legal to engage with ransomware operators and pay a ransom with cryptocurrency; however, due diligence must be performed prior to making a ransom payment.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) may impose sanctions against certain foreign entities to which ransomware payments cannot be made. These groups of hackers are deemed enemies of the country and, as a result, they are not permitted to receive ransom payments from United States businesses and individuals.
If paying the ransom is the only option for data restoration, you should seek out a ransomware recovery service that has a compliance officer who screens wallets with digital currency tracing software. As seen in the above diagram, there are several known ties to known sanctioned entities.
The firm you work with should have developed its sanctions compliance program with specialized legal counsel. This will ensure you are abiding by all state and federal laws. A reputable ransomware recovery service will have its own legal counsel who stays up to date with the latest developments for digital currency screening.
Paying the ransom
Paying the ransom as a ransomware victim means that your organization will be exchanging digital currency to have your files unlocked. Businesses that choose to pay the ransom are doing so because they need a decryption key, the code that will unlock your files. If you are debating whether to pay the ransom, understanding the pros and cons can help you make a more confident and informed decision.
Nobody wants to be in a situation where paying the ransom is the only option to recover the encrypted files. Understanding the pros of making a ransom payment will help you weigh the difficult decision you will be making.
Recover encrypted files
Paying the ransom increases the chances of getting your files unlocked and systems back to working order at your business. The decryption key provided by the hackers after the ransom is paid is used to unlock the files that were encrypted during the ransomware attack.
Proven Data analyzed internal ransomware cases during April 2020 and found that:
- In cases requiring ransomware payment, 88.9% delivered the keys.
- Of the cases in which the ransom was paid and a decryptor was delivered, 31.25% required additional troubleshooting and/or advanced custom solutions to unlock the data.
Ransom payments are made as a last-resort effort to recover the data in the shortest amount of time possible. Even if you have data backups (that are NOT encrypted and kept safe from ransomware), it takes an average of 33 hours to recover from these databases. Backups may not have the latest version of the data that your business needs to function and recover properly.
Organizations that choose to pay the ransom might save money because paying the ransom is often cheaper than replacing and rebuilding an entire IT network.
In the spring of 2019, the city of Baltimore refused to pay ransomware hackers $76,000 in cryptocurrency to regain control of their network.
The mayor refused to pay the hackers and opted to rebuild the entire network for the city. Later that year, it was reported that the ransomware attack cost the city over $18.2 million to purchase new IT equipment and reformat the entire network infrastructure. If Baltimore had paid the ransomware operators, it might have saved the city millions of dollars in reparation costs. Mayor Young of Baltimore declared it was a moral issue for the city (covered later in this article).
Choosing to pay the ransom can result in some of the following negative outcomes:
Faulty decryptor
After the ransom is paid, the ransomware operators provide a decryption “key,” a tool used to reverse the encryption of the files and data. Sometimes this key doesn’t function properly, or your database is improperly configured, which requires multiple keys.
Even when you pay the ransom, the tools provided by the ransomware hacker may not immediately recover your data. Additional issues may arise, such as:
- Wrong key: The key delivered by the threat actor is the wrong one and does not decrypt your files.
- Correct key, but bad decryption utility: The executable is malfunctioning and won’t decrypt your files.
- File corruption: The files decrypt, but your databases and virtual images don’t mount.
- Decryptor compatibility issue: The decryptor was built for a different operating system and doesn’t work on yours.
- Double encryption: You didn’t realize you had double encryption, and the decryption tools only worked on one layer.
Ransomware recovery services should be able to help you navigate these additional challenges when they arise.
Further attacks may occur
Paying the ransom to recover your locked files doesn’t guarantee that the hackers will get off your network. The next steps to recovery must include removing the cyber threats and closing the vulnerability where the ransomware came in. Your organization may still be compromised in regards to:
Ethical dilemma of funding cyber crime economy
Ransomware is a financially motivated cyber crime in which the ransom payments are going directly to the perpetrators. These ransomware payments are used to facilitate further cyber criminal activity and even larger criminal enterprises, possibly even terrorism.
As a ransomware victim, you may struggle with the ethical dilemma of funding crime and further illegal activity.
When ransomware infects a medical organization or hospital, lives can be on the line when doctors and nurses lose access to critical patient information and data. There may be an immediate need for data recovery, and losing this data is not an option.
Wondering if paying the ransom is right for your business?
Your business must ultimately decide whether or not paying the ransom is an option for recovering the data in a ransomware attack. As one of the first ransomware recovery services to help victims of ransomware, we understand organizations choose both to pay and not to pay as they weigh all their options.
Unfortunately, the reality of ransomware is that some cases may require the payment of the demand to obtain the means to decrypt your data. As a last resort option, we would explore this and inform you accordingly.
Proven Data stands by its clients during situations where a ransom is the only option available to recover their data. Our guide on what it costs to recover from ransomware gives more insight into how the ransom payment is calculated into the cost of ransomware recovery.
The FBI understands that payment may be the last alternative to restore your files; however, businesses must recognize what’s involved as they weigh this decision.
Whether you choose to pay the ransom or not to recover your files from ransomware, you must still:
- Close the vulnerability through which the ransomware entered your network
- Improve the cyber security culture at your organization
DISCLAIMER: The information provided on our site does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general educational and research purposes only. Readers who were victims of ransomware or a cyber-attack should contact their attorney with any legal questions.