Ransomware Recovery is Long and Expensive. Should You Just Pay the Ransom to Make it Easier?
Ransomware has been the story of the year in cybersecurity, as attacks have boomed by more than 40% since March 2020. This slippery, dangerous foe is a nightmare that can wreak havoc on your business and cost a fortune in restoration and recovery on top of the lost business and general damage.
No one wants to deal with ransomware. But since you’re already looking at an expensive proposition, can you save yourself the money, time, and headaches of undertaking a ransomware incident response by paying the ransom and getting the encryption key to unlock your systems and data – and will you get in legal trouble for doing it?
The answer is complicated. While paying the ransom may not be expressly prohibited by law, legal officials are not fans of the practice. The US Treasury issued new guidance this month urging people not to pay hackers, and noting that businesses could face civil penalties if they pay ransoms to hacker groups affiliated with sanctioned nation-states, a particular concern for the healthcare sector.
The better approach to protecting your business from phishing danger including ransomware is increased security awareness and phishing resistance training. Ransomware is most likely to arrive at your doorstep as the cargo of a phishing email, as well as other dangerous cyberattacks like business email compromise, spear phishing, and whaling.
Regular phishing resistance training and testing with a solution like BullPhish ID is extremely effective – security awareness training including phishing resistance can reduce your cybersecurity incident rate by up to 70%. No matter how you slice it, increased security awareness training is the best way to ensure that your employees are ready for the threats they face ahead to keep ransomware from taking your profits hostage.