Colonial Pipeline was hit by a ransomware attack in early May, and the company recently paid a US$4.4 million ransom to the cybercriminal gang responsible for the intrusion. However, when it comes to ransomware attacks, paying criminals isn’t the right thing to do – in fact, experts say it should be illegal to pay off hackers.
Law-enforcement agencies around the world are increasingly urging victims not to pay. But paying a ransom is not illegal, and many organizations pay in secret. If there’s one thing to remember, it is that paying off a criminal in no way guarantees that you will get your assets back. If anything, it proves to the offender that you are willing to shell out funds for your data – and cyber opportunists, as the ones controlling access to said data, might see the chance to repeatedly tap the same till. Hence, there is no guarantee that hackers will return sensitive data.
According to an annual report on global cybersecurity, there were a total of 304 million ransomware attacks worldwide in 2020. This was a 62% increase from a year prior and the second-highest reported number of ransomware attacks since 2014, with the highest on record being 638 million attacks in 2016.
Should paying hackers be illegal?
The US government, along with other administrations around the world, has recommended in the past that companies not pay hackers over ransomware attacks. In the case of Colonial Pipeline, the most recent one, the chief of the company authorized the payment two days after because of uncertainty over how long the shutdown would continue.
This is causing law-enforcement agencies globally to increasingly urge victims not to pony up. Now, the Ransomware Task Force (RTF), a global coalition of cyber experts, is lobbying governments to take legislative action.
Whichever path you choose – to pay or not to pay – it may take time to return to normal operations. Organizations should take steps to maintain their essential functions according to their business continuity plan.
Reasons why you shouldn’t pay ransomware hackers:
- Perpetrators will demand additional ransom
- In many cases, people pay the ransom despite their data actually being safe and sound
- You can’t guarantee that you’ll get your data back or that your data won’t be uploaded to the dark web
Don’t think you’re out of danger because you’re “too small” and not a big company like Colonial Pipeline. Avoid these types of threats and get in touch with a cybersecurity expert now.