Ransomware demands: to pay or not to pay?

Cybersecurity expert explains both scenarios and suggests how to make your business more resilient against ransomware.

Ransomware continues to evolve as one of the most profitable forms of cybercrime, with 2024 on track to become the highest-grossing year for ransom payments. This shift is driven by a strategy known as “big game hunting,” where cybercriminals focus on fewer, more high-profile attacks but extract significantly larger sums.

A report released last week revealed that a Fortune 50 company made a staggering $75 million payment to the Dark Angels ransomware group in early 2024—the largest ransom ever recorded. This trend reflects a dramatic increase in the typical ransom payment, which has risen from just under $200,000 in early 2023 to a shocking $1.5 million by mid-June 2024. It indicates a shift towards targeting larger businesses and critical infrastructure, entities that are not only more capable of paying but also more vulnerable due to their systemic importance.

“Recently, ransomware has become the greatest cyber threat to organizations. It keeps spreading and targeting various businesses, from hospitals to oil pipelines, to capitalize on the fear of operation disruption and data loss,” says Vakaris Noreika, head of product for NordStellar. “To pay or not to pay a ransom is the hardest question companies struck by cyber extortion must answer as they face the prospect of permanently losing access to their information.”

How ransomware works

Ransomware usually hits organizations that need access to time-sensitive data — for example, hospitals and municipal agencies. Hackers run a virus to breach a company’s system so that they can take control of it and lock employees or customers out, preventing them from using it. In most cases, a ransom note is left within the virus, and, for many businesses, production is brought to a standstill. The company is then extorted to pay money to have its access to the information restored. If the organization fails to pay, the program threatens to destroy its data or expose it publicly.

What happens if you decide to pay?

It is generally advised not to give in to ransomware demands as such payments fund and encourage cybercriminals to carry on their profitable attacks. However, paying a ransom is often the fastest and least expensive way to recover. Moreover, you might not be sure how badly the attack has breached your systems and how long it might take to bring the business back up and running, so many businesses decide to meet hackers’ demands.

Usually, companies contact third-party incident responders or cyber insurance firms to help negotiate with the hackers. The response team also brings in digital forensics, PR, and lawyers. Often, the attackers provide a sample set of files proving they can decrypt what’s held hostage. In almost all known cases, ransoms are demanded in cryptocurrency, namely Bitcoin. After the payment is put into the designated cryptocurrency wallet, hackers provide the victim with a decryption key and tech support, allowing them to regain access to the network and data.

“Companies that agree to pay a ransom shouldn’t be victim-blamed as they surely went through a big moral dilemma, and surrendering to threat actors must have been the last resort to restore their business and protect their clients’ reputation,” says Vakaris Noreika.

What happens if you refuse to pay?

Unfortunately, paying the cybercriminals off doesn’t guarantee that you will get back what’s been taken away. There’s also no guarantee your business won’t get attacked again. And, perhaps, the most worrying fact is that your data might still be shared publicly. Refusing to pay is a message to the attackers that the business doesn’t encourage cybercrime by making it profitable.

“After a ransomware attack hits your business, contact a team of experts to help you figure out what happened and what happens next,” Vakaris Noreika suggests. “Answering the following questions might help you see the bigger picture: Do I keep the data backed up elsewhere? Can I rebuild this network or database from scratch? What happens if the stolen data gets leaked to the public? Will my company be out of business if I don’t pay?”

What can make your business more resilient against ransomware?

It’s almost impossible to predict how a ransomware attack might play out, but you can always evaluate your preparedness by following some cybersecurity procedures.

  • Ensure your company uses an antivirus and a firewall on every device and network it owns. The duo makes it more difficult for viruses to infect your system. A robust antivirus also helps prevent your staff from accidentally downloading malware. 
  • Update your company’s software and operating system periodically. Updates usually include critical fixes that repair known vulnerabilities and security flaws that cybercriminals might have already exploited to target others. 
  • Train your staff to see through and recognize phishing email scams. Don’t let hackers into your systems just because an employee clicked on a suspicious link within an email or downloaded a malicious attachment with hidden ransomware. 
  • Maintain periodic secure data backups to reduce the damage of any potential ransomware attacks. A regularly updated and secured backup will guarantee access to your data in the event hackers lock you out of your network. 
  • Encrypt your company’s data. Begin encrypting the sensitive information your company handles. Using strong encryption ensures that even if hackers manage to steal your files, they won’t be able to access the content. Encrypting data and backing it up securely in the cloud protects your business from threats of data wiping or public exposure. NordStellar’s tools can help you implement these practices, providing an extra layer of security for your corporate information. 
  • If you suffered a ransomware attack, inform the authorities, and fully cooperate. Contact reliable experts to identify the root cause and secure your network from future attacks.

Editors’ Note:

Vakaris Noreika is the head of NordStellar at Nord Security, the same company that created NordVPN, where he spearheads the development of cutting-edge cybersecurity solutions. With extensive experience in data privacy optimization and proactive risk management, Vakaris has positioned NordStellar as a leader in the cybersecurity industry.

Under his leadership, the company is recognized for its ability to detect and respond to cyber threats before they escalate. Vakaris is a trusted authority on data privacy, offering practical strategies for reducing risks, optimizing resources, and safeguarding sensitive information. For more information, visit nordstellar.com.