Ransomware attacks are on the rise. According to Verizon’s annual Data Breach Investigations report of April 2018, ransomware accounted for 39% of all malware infections. It also showed that attacks on individuals had dropped, but attacks on businesses had increased and, according to Dimension Data, ransomware attacks grew by 350% in 2017 as compared to 2016. The Telstra 2018 Security Report survey of Australian, Asian, European and UK businesses (Telstra Report) found that 31% of Australian respondents who reported their business had suffered a security breach said they experienced ransomware attacks on a weekly or monthly basis. Australian insurance companies have also seen an upward trend in notifications they receive under cyber security policies of ransomware and malware attacks.
So, when your organisation finds itself in the unfortunate position of being subject to a ransomware attack, will you pay to get your data back? Remember that a ransomware attack may also indicate that a notifiable data breach has occurred, which requires its own assessment. The Australian Government, CERT Australia and law enforcement agencies around the world recommend that you do not pay the ransom, as doing so perpetuates further ransomware attacks and there is no guarantee that files will be recovered. Paying also marks an organisation as one that is willing to pay, which could increase the risk that it will be targeted again. There is no guarantee that the files will be returned (although this is a reputational issue for the hacker, who wants organisations they have attacked to pay up in the belief that their files will be released).
That said, many organisations do pay. Although there is no reliable way of knowing how many companies pay ransom, according to the Telstra Report, 47% of Australian businesses that had suffered a ransomware attack paid the ransom, and of those, 86% got their files back.
As part of planning your organisation's Cyber Incident Response Plan, you should consider in advance what position your organisation will take when it comes to paying ransom. Some practical considerations are:
MinterEllison's cybersecurity and cyber insurance experts can assist you to navigate these considerations so that you can be prepared for a ransom attack.