Pay the ransom to the extortionists

[relemedf5w023]

Why do we have such a situation? After all, Backup class solutions, strictly speaking, are not from the information security arsenal, and theoretically they can hardly be considered the best. In any case, we are fighting the consequences of an incident that has occurred, rather than preventing it, which would seem to be less than optimal. Here it should be recalled once again that the primary source of ramsomware distribution is the notorious phishing, and this often significantly weakens the effect of using classic information security tools. Anti-virus solutions are now used in most companies, but given the current scale of ransomware penetration into business, this threat naturally could not pass them by. It must be said that this issue has already been studied quantitatively. Thus, according to the same KnowBe4, from 20 to 55% of organizations using the most popular anti-virus programs (and these are Symantec, McAfee, Kaspersky, Trend Micro, Sophos, ESET and some others) have nevertheless been subjected to electronic extortion. Moreover, the same study showed that 53% of qatar whatsapp data that had a deeply layered defense built from products from several companies still did not escape the consequences of ransomware. Independent decryption of data as one of the ways to solve the problem in practical situations is usually not taken into account, and organizations are left with two options:


- use data backup and recovery tools.

As cynical as it may sound, they try to assess the expediency of paying the extorted amount as objectively as possible. After all, the ransom amount is often not astronomical and is also set individually. Some sources write that the attackers, having received money from the company, will still not give it the key. This is not entirely true. As we noted, ransomware today is a kind of well-established business, and those who are engaged in it are unlikely to undermine the possibilities for its further "development". Nevertheless, according to some studies, there were still isolated cases of keys not being given out.

What is much worse is that if you pay, the attackers will definitely (again, caring about the “successful development” of their own business) take note of your organization and will attack it with tripled zeal in the future, which has already been proven many times in practice.

Of course, paying criminals a reward and thus providing them with indirect support is also a very serious image loss. It is no coincidence that the results of the same studies differ so significantly in cases of real payments. In direct surveys, not many admit that they paid, and we get a very small percentage. If they use indirect forms, for example, surveying service providers with whom the affected customers work, the figures are completely different.