Should your company pay cybercriminals after a ransomware attack? It depends.
September 13, 2024 – Published on Business Insider
Cybercriminals stealing important data and holding it for ransom can be a company’s worst nightmare.
Instances of ransomware, a type of malicious software that holds sensitive data hostage until a victim pays the attacker, are becoming more common. Some companies choose to pay cybercriminals, and others don’t. MGM and Boeing reportedly declined to pay millions of dollars that hackers sought after data breaches. The software firm CDK Global likely paid $25 million when it was attacked, and the casino operator Caesars reportedly paid $15 million.
“The position we generally take is that if you don’t need to pay ransom, you should not pay ransom,” said Mark Lance, the vice president of digital forensics and incident response and threat intelligence at GuidePoint Security, which helps organizations negotiate ransomware. “We do not recommend funding a criminal organization or making a payment if it’s unnecessary.”
But he said companies may decide to pay up for a variety of reasons. “We educate clients who are the victims on what to expect if they’re impacted by ransomware and what some of the benefits might be if they did pay versus didn’t pay,” he said.