Ransomware: To pay or not to pay
The main goal of attackers carrying out a ransomware attack is to extort a ransom and profit from it.
According to the Hiscox 2022 Cyberpreparation Report (Hiscox is an insurance company that offers innovative, specialized products for businesses and professionals in the Spanish market), 64% of Spanish companies agreed to pay the ransom demanded by cybercriminals, and 43% of them did so in order to become operational again because the attack had paralyzed their activity.
The share of companies that paid in order to become operational again rises to 56% among small and medium-sized Spanish companies. This type of attack puts the company's finances at risk: the ransom payments alone made by Spanish companies in 2021 cost each of them an average of €19,400, not counting the additional €10,843 they spent on average to restore normal operations after the incident.
However, paying does not buy peace of mind: 47% of the companies that decided to pay the ransom suffered a second ransomware attack, a figure that rises to 50% for small and medium-sized companies in Spain.
Ransomware is the third most common type of attack suffered by companies (22%), behind denial of service (38%) and financial fraud (32%). Among SMEs specifically, ransomware attacks are becoming more frequent: they represented only 11% of attacks in 2020, rising to 20% in 2021.
But why shouldn't we pay? There are several reasons:
- Nothing guarantees that we will recover the files: the decryptor may never be delivered, or it may not work.
- In certain circumstances paying such a ransom is illegal, and so is failing to inform the authorities that we have been the victim of a ransomware attack. In the United States, for example, paying a ransom to a sanctioned individual or entity violates OFAC sanctions regulations, even if the victim did not know who the attacker was.
- Paying finances the attackers and allows them to continue their campaigns.
Soffid recommends adopting the principle of least privilege for internal and external network users. Against this type of ransomware it is effective to reduce the privileges of user accounts and keep the number of accounts that need system administrator privileges to a minimum, thereby reducing the attack surface the ransomware agent can exploit.
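A practical way to keep the number of administrator accounts to a minimum is to audit privileged-group membership regularly against an approved list and review every account that holds admin rights without approval. The script below is an added example written for this article, not Soffid's code or product: the group export is constructed sample data in /etc/group format, and the set of privileged groups and the approved admin list are assumptions standing in for a real host's policy. It flags service accounts first, since unattended accounts with admin rights are a favourite foothold for ransomware.

```python
"""Audit privileged-group membership against an approved allowlist.

Added example (not Soffid's code). GROUP_EXPORT is constructed sample data
in /etc/group format; PRIVILEGED_GROUPS and APPROVED_ADMINS are assumed
policy values for illustration.
"""

# Constructed sample of `getent group` output: name:password:gid:member,member
GROUP_EXPORT = """\
root:x:0:
sudo:x:27:alice,svc-backup,bob
wheel:x:10:alice
docker:x:999:carol,svc-ci
developers:x:1001:bob,carol,dave
"""

# Groups that grant administrator-equivalent rights on this (assumed) host.
# docker is included because membership gives root-equivalent access.
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "docker"}

# Minimum set of accounts that legitimately need admin rights (assumed policy).
APPROVED_ADMINS = {"alice"}


def parse_group_export(text):
    """Return {group_name: set(members)} from /etc/group-style lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def privileged_accounts(groups, privileged=PRIVILEGED_GROUPS):
    """Map each account to the set of privileged groups it belongs to."""
    result = {}
    for group, members in groups.items():
        if group not in privileged:
            continue
        for member in members:
            result.setdefault(member, set()).add(group)
    return result


def least_privilege_findings(groups, approved=APPROVED_ADMINS):
    """Return (account, sorted privileged groups) for every unapproved admin.

    Service accounts (svc-*) are listed first: they seldom rotate
    credentials and run unattended, so an admin-level service account
    is the first thing to strip back to what it actually needs.
    """
    privileged = privileged_accounts(groups)
    findings = [
        (account, sorted(grps))
        for account, grps in privileged.items()
        if account not in approved
    ]
    findings.sort(key=lambda f: (not f[0].startswith("svc-"), f[0]))
    return findings


if __name__ == "__main__":
    for account, grps in least_privilege_findings(parse_group_export(GROUP_EXPORT)):
        print(f"REVIEW {account}: member of {', '.join(grps)}")
```

On a real host, feed the script the output of `getent group` instead of the embedded sample, and treat each finding as a ticket: either add the account to the approved list with a documented reason, or remove it from the privileged group.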