
Responding To Ransomware: The Importance Of Not Paying The Ransom
by Grayson Milbourne
Ransomware attacks place organizations in a difficult, high-stress position, but paying the ransom is never the answer.
Nearly all ransomware cases involve stealing and then encrypting sensitive data, which leaves organizations at risk of losing critical information unless a hefty ransom is paid. Yet the consequences of stolen data extend beyond financial loss. Breached organizations can also face long-term reputational damage and regulatory and legal ramifications.
Data security laws such as the General Data Protection Regulation (GDPR) also impose substantial fines on organizations that leak personally identifiable information (PII), further amplifying the financial burden of stolen data. Additionally, losing highly valued intellectual property (IP) can severely damage a company’s competitive advantage, pushing some organizations to pay exorbitant ransoms.
However, paying a ransom to regain access to encrypted data does not solve the core issue: the attacker already holds a copy of it. Despite growing cybersecurity investments and awareness, recent survey findings indicate that organizations are still paying ransoms at an alarming rate.
While it may seem like the fastest method to regain access to lost systems or data, paying the ransom does not guarantee that data will be restored or systems won’t be attacked again. Worst of all, it emboldens attackers and fuels the ransomware market.
Organizations must proactively secure sensitive data, including how and where it is stored, so that a copy taken in a ransomware attack cannot be read or exploited.
The State Of Ransomware
My company, OpenText, ran a 2024 Global Ransomware Survey that polled security professionals to analyze the current state of ransomware, including the frequency of attacks, ransom payments and successful data recovery.
The survey revealed that ransomware attacks are becoming more frequent and dangerous. Nearly half of respondents reported that their company experienced a ransomware attack in the past. Of this segment, 73% experienced a ransomware attack in the last year.
Additionally, the research revealed that small- and medium-sized businesses (SMBs) are the most prone to ransomware attacks. SMBs experienced a higher frequency of ransomware attacks, with over three-quarters (76%) of SMBs reporting a ransomware attack in the past year compared to 70% of large enterprises.
Ransom payments also continue to increase. Of those who experienced a ransomware attack in the past year, roughly half (46%) paid the ransom, with 31% of the payments ranging between $1 million and $5 million.
However, nearly all ransomware victims (97%) successfully recovered and restored their organization's data. Since only 46% paid, most of those recoveries did not depend on a ransom payment. It is therefore imperative that companies resist the urge to pay in a moment of panic and instead prioritize data recovery efforts following the attack.
The Dangers Of Paying The Ransom
Paying the ransom does not guarantee the recovery of stolen data. Instead, it hands control of the organization’s systems, data and finances over to cybercriminals, emboldening threat actors and fueling the ransomware industry.
Organizations that pay the ransom also signal to cybercriminals that they are willing to comply, marking themselves as easy targets for future attacks. It also displays a lack of preparation and proper data protection for customers, partners and competitors. This can significantly damage an organization’s reputation and diminish trust in its ability to protect sensitive data.
Best Practices For Protecting Against Ransomware
If you’re hoping to protect your organization against ransomware, start with these first steps:
• Implement Strong Encryption: Organizations need to first ensure their data is stored correctly, encrypting sensitive data at rest and keeping the keys out of an attacker's reach, so that a stolen copy is as difficult as possible to read or exploit.
• Use Data Management Solutions: Data management solutions can help organizations quickly retrieve lost data and restore critical business functions without making a ransom payment. It's critical to regularly back up data to an external data center or the cloud so it can be recovered if a computer or network is attacked, and to test that those backups actually restore. Keeping offline backups for mission-critical data is also a sound strategy: attackers can't steal or encrypt what they can't reach.
• Prepare A Comprehensive Response Playbook: With nearly half of ransomware victims paying the ransom despite 97% successfully recovering their data, a well-rehearsed response plan is essential. A thorough response playbook makes sure the right people are notified immediately following a ransomware attack. For example, an email distribution list should include leaders from IT, legal, PR and senior management to ensure everyone stays informed and aligned. This is crucial because ransomware operators commonly use deadlines to pressure victims into paying.
• Security Awareness Training: Human error continues to be the greatest ransomware risk, making effective security awareness training essential to prevent successful attacks. The rise of AI-driven phishing techniques is also making ransomware attempts easier and more convincing, so every employee needs the proper knowledge to identify threats and report suspicious activity.
• Audit Supply Chain Partners: Ransomware attacks are also increasingly targeting third-party suppliers or service providers as entry points. Regularly assessing the cybersecurity practices of supply chain partners is essential to understanding and mitigating potential risks.
• Practice Good Cyber Hygiene: Maintaining good cyber hygiene is also key for preventing ransomware. This involves regularly patching software, securing access controls, using strong, unique passwords and multifactor authentication, deploying firewalls and keeping antivirus and anti-malware software up to date.
• Report Ransomware Incidents: Despite these best practices, ransomware attacks and breaches can still occur. Organizations that fall victim should report their incidents to law enforcement, such as the FBI and CISA in the U.S.; Nomoreransom.org lists the appropriate reporting contacts by country. Reporting also supports ransomware gang tracking and the success of countermeasures.
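The backup bullet above says attackers can't steal or encrypt what they can't reach, and that backups must actually restore. One concrete check a practitioner can run before trusting a backup copy is an integrity manifest: record a SHA-256 digest of every file when the backup is written, then compare the copy against that manifest before restoring. A backup volume that was reachable online and silently encrypted by ransomware shows up as modified files plus an unexpected ransom note. The following is an added example written for this page, not code from the article or from OpenText; the file names and the simulated tampering are constructed, and the manifest is assumed to be stored separately from the backup (for instance with the offline copy) so an attacker cannot rewrite both.

```python
"""Backup integrity manifest: detect backups that ransomware has encrypted or altered.

Added example, not part of the original article. All sample data is constructed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root, POSIX form) to its digest and size."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return manifest


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare a backup copy against the manifest recorded when it was written.

    Reports files whose hash changed (modified), files that disappeared (missing)
    and files not in the manifest (unexpected, e.g. a dropped ransom note).
    The manifest is assumed to come from a location the attacker could not alter.
    """
    current = build_manifest(root)
    modified = sorted(
        k for k in manifest
        if k in current and current[k]["sha256"] != manifest[k]["sha256"]
    )
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def demo() -> dict:
    """Constructed scenario: write a small backup set, record its manifest,
    then simulate ransomware overwriting one file and dropping a note."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'alice');\n"
        )
        (root / "config.yaml").write_bytes(b"retention_days: 30\n")
        manifest = build_manifest(root)          # taken when the backup is written
        clean = verify_backup(root, manifest)    # expected: ok

        # Simulated attack (constructed): the backup volume was reachable online,
        # so the ransomware "encrypted" a file in place and left a ransom note.
        (root / "db" / "customers.sql").write_bytes(os.urandom(64))
        (root / "README_RESTORE.txt").write_bytes(b"constructed ransom note\n")
        tampered = verify_backup(root, manifest)  # expected: not ok
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the verification against the offline copy on a clean host before any restore; a manifest kept on the same share as the backup gives no assurance, because whatever encrypted the backup could rewrite the manifest as well.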
While the pressure to quickly recover data can be overwhelming, paying the ransom only escalates the threat and encourages attackers. By prioritizing data protection, preparing a clear response plan and reinforcing cybersecurity practices, organizations can safeguard their sensitive information while weakening the incentives that have caused ransomware to balloon into a multibillion-dollar industry.
Ultimately, refusing to pay the ransom helps build a more secure digital future.
https://www.forbes.com/councils/forbestechcouncil/2025/02/06/responding-to-ransomware-the-importance-of-not-paying-the-ransom/