Washington Business Winter 2023 | Page 49

business backgrounder | industry
When the university decided not to pay the ransom, it took steps to prevent all outside access to email, internet, and other main aspects of its computer network.
The decision prevented the thieves from profiting, but it wreaked havoc in the hospital. For weeks, employees didn’t have access to patient care applications, electronic health records, payroll information, and patient appointment schedules. Elective procedures had to be rescheduled, a total of 5,000 hospital laptops and computers were encrypted, and the hospital had to furlough or reassign 300 employees who couldn’t do their jobs because of the attack.
Though the hospital didn’t pay the ransom, it paid in other ways, losing an estimated $50 million, primarily from reduced revenue. The IT staff worked 24/7 for three weeks to reinstate networks and restore thousands of computers affected by the theft.
there are no easy answers
What if this happened to your business? Should you pay the ransom?
There is no one-size-fits-all answer to the question — it must be considered on a case-by-case basis. The answer is often determined by the specific situation of the victim, and their attitude as well.
The difficulty of this decision is exacerbated by the fact that there are no guarantees.
On the one hand, paying can be the direct way to recover data, get the business back on track, and limit losses. But restoring data can take weeks, decrypters provided by thieves might not work, and encrypted files might be damaged or unrecoverable.
There are ways that organizations can help prevent a ransomware attack, however, and professional support is available that can get them back to business as quickly as possible when their data is held hostage.
some businesses may not recover
Small manufacturing businesses living “on the knife’s edge,” with employees surviving paycheck to paycheck, can go out of business quickly from a ransomware attack.
Some victimized organizations — such as hospitals and physician practices — have a low tolerance for system downtime because inability to access data can lead to harm or even deaths of patients.
In addition to the business impact of ransomware, the emotional effects can’t be overstated. The stressful situation can leave workers feeling vulnerable and emotionally drained, especially if confidential information has been breached.
Cybercriminals often exfiltrate data, which makes the situation even more difficult. According to Forbes, in 70% of attacks, the criminals gain access to confidential information — personal files, login passwords, and email addresses — and demand ransom payments from the company to keep them from releasing it.
making the decision
When an organization finds itself infested by ransomware and has lost important data, executives should ask these questions: Is the data essential to the success of the business? How quickly do we need to restore it? Will our business fail if we don’t get it back?
companies decide to pay the ransom for several reasons:
• Faster recovery time — If an organization faces a long, costly downtime while data is restored, paying the ransom can be the better, and less expensive, alternative.
• Potential damage to business — This can include revenue loss as well as damage to a company’s reputation and customer confidence.
• High recovery costs - If the long-term costs to recover from a ransomware attack are more than the ransom payment, it can make sense to pay.
• Protecting confidential data - Some attackers threaten to release customer and employee data they exfiltrated to exert pressure on companies to pay.
paying the ransom might not have a positive outcome:
• Data might not be returned — If a company pays, there’s no guarantee that the cyber attackers will return the data, or the decryption key will work.
• Potential legal issues — Depending on where cyber thieves are located, paying ransomware attackers can be viewed as funding terrorism.
Additional information
ProPoint, AWB’s employer services arm, has partnered with HSB Total Cyber insurance to provide comprehensive, affordable solutions for employers.
For more information and an instant, no obligation online quote go to: www.hsbtotalcyber.com/propoint/en/homepage.html
For more information, you can also contact Helen Siggins at helens@propointservices.com