Everything is Negotiable… Including Ransomware Payments


Should you find yourself in the situation where paying the ransom is your only out, it’s important to know how to navigate – and minimize – the payment.

Cyber attacks are the new reality for most organizations. According to a new report from Cyber Edge, over 87% of organizations think a cyber attack is likely in 2018, and 77% have experienced one or more attacks in the previous 12 months. Ransomware ranks #2 in Cyber Edge’s list of cyberthreat concerns (just behind malware) and is predicted to reach $8 billion in damages (according to Cybersecurity Ventures) in 2018 alone.

With ransomware, there’s always the question of “Should I pay the ransom?”

Most experts in cyber security, including the FBI and the UK’s National Crime Agency, agree that paying the ransom should be a last resort. You’re funding criminals who offer no guarantee that your data will be properly decrypted. Additionally, it potentially encourages further attempts at extorting funds from your organization.

BUT… if you’re in the situation where your only option is to pay the ransom, how do you minimize the cost?

  • Talk to the hackers – If possible, begin communications as soon as possible. Sometimes tactics like claiming no ability to pay, etc. can have an impact. One story about last year’s WannaCry had an unexpected ending, with the hackers providing great customer service to a region of the world with no means to pay a ransom.
  • Ensure Decryption is Possible – According to the Cyber Edge report, of those organizations paying the ransom, only half got their data back. Asking the hacker to prove they can properly decrypt is probably a must.
  • Haggle – remember, the hackers are in business to make money. They’d rather make something than nothing. You should expect pushback on your first few attempts, but by a third communication, hackers tend to consider decreasing the fee.

Even if you’re successful, keep in mind there may be other ramifications – compliance penalties, damage to corporate reputation, etc.

Rather than be stuck in this situation, there are some proactive steps you can take to avoid a ransomware attack:

  • Back Up Everything Important – treat a ransomware attack like a disaster scenario in your DR planning. Determine which data sets and systems are mission critical, and ensure you can recover them easily.
  • Educate Your Users – organizations that employ Security Awareness Training experienced 37% fewer ransomware attacks than those using multiple mainstream security solutions.

Bad guys are constantly coming out with new malware versions to evade detection. That’s why we’ve updated our Ransomware Simulator tool “RanSim” to include a new cryptomining scenario!

This new cryptomining scenario simulates a Monero cryptocurrency-mining operation on the local machine. Monero is the most popular cryptocurrency mined by real-world malware, and mining it takes a lot of CPU and GPU cycles to process the data necessary to generate the currency.

Try KnowBe4’s NEW Ransomware Simulator tool and get a quick look at the effectiveness of your existing network protection against the latest threats.

About KnowBe4
KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available. Customers with businesses of all sizes can get the KnowBe4 platform deployed into production at least twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.