3 Reasons Why You Shouldn’t Pay Ransomware Demands [Updated]

Editor's note: This post was originally published on July 24, 2018 and has been revised for clarity and comprehensiveness.

The year 2023 established a new record for ransomware attacks. There were nearly 5,000 leak site victims, almost double the previous year. 

This alarming resurgence of ransomware attacks left countless organizations scrambling to shore up their cybersecurity measures. Government agencies and cybersecurity experts are also issuing urgent warnings and advisories to address the pressing threat.  

In the face of the onslaught, one question arises yet again: should organizations pay the ransom in the event of a successful attack?  

Intelligent Technical Solutions (ITS) is a managed security services provider (MSSP) with 20 years of experience helping businesses strengthen their network defenses. We’ve worked with organizations to defend and fight against combat cyberattacks like ransomware. 

In this article, we’ll go over the following:  

• Why you shouldn’t pay a ransomware demand   
• How to protect your business from ransomware attacks   

After reading, you'll have a clear understanding of the security measures you should put in place to safeguard your business against ransomware attacks. This knowledge will help you lower the risk of becoming a victim of extortion and ensure the integrity and smooth operation of your business. 

3 Reasons Why Experts Don’t Recommend Paying a Ransomware Demand  

The decision to pay a ransomware demand has always been a complex and controversial debate among cybersecurity experts and business owners.   

On one hand, paying the ransom may be the quickest way to regain your access to encrypted files and restore business operations. But this could invite more ransomware attacks in the future.   

While every situation is unique, businesses are generally not recommended to pay a ransomware demand. Here are some reasons why:  

1. It encourages more ransomware attacks.

Paying a ransomware demand may seem like the easiest solution to retrieve data. However, it also sends a message to cybercriminals that ransomware attacks are profitable, encouraging them to target your company again. By paying the ransom, you are essentially funding criminal activity and increasing the likelihood of future attacks.  

2. There is no guarantee of complete data recovery. 

Even if you pay the ransom, you are not guaranteed to receive the decryption key to fully restore your data.   

Cybercriminals may take the ransom and provide a partial decryption key, or they may disappear without providing any decryption key at all. Paying the ransom also doesn't guarantee that the cybercriminals won't sell or use the stolen data for other illegal purposes.  

3. It could violate regulations and laws.  

Paying a ransomware demand could violate regulations and laws, depending on the nature of your business and the type of encrypted data. For example, in the healthcare industry, paying a ransom to regain access to patient data could violate Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations.    

But even if paying the ransom is not explicitly illegal, it may still damage your business reputation, as customers and other stakeholders may perceive you as unable to protect their data adequately. 

How to Protect Your Business from Ransomware Attacks 

The risk of ransomware attacks has only grown with the rise of remote work and the increasing use of digital tools. With employees accessing company systems and data from various locations and devices, the potential entry points for ransomware have multiplied, making businesses more vulnerable than ever. 

The consequences of these attacks extend beyond financial loss. They can: 

• Severely disrupt business operations,  
• Damage a company's reputation, and 
• Lead to regulatory penalties if customer data is compromised.  

If you don’t want to see yourself in a difficult position facing a ransomware attack, here are some tips to protect your business against ransomware:  

1. Educate Your Employees 

The first line of defense against ransomware is your employees. Many ransomware attacks start with a phishing email that tricks the victim into clicking a malicious link or downloading an infected file.   

Educating your employees on how to identify and report suspicious emails is essential to prevent this.  

Training should include:   

• Teaching employees to avoid clicking on links or downloading attachments from unknown sources.  
• Encouraging them to double-check the sender's email address and look out for common signs of phishing, such as urgent language or unusual requests.  

Regular training sessions help keep employees up to date with the latest threats and best security practices.  

2. Keep Your Software Up to Date

Consider automating this process to ensure all devices on your network are updated regularly. 

3. Implement Access Controls  

Ransomware can spread quickly throughout a network, infecting multiple devices and causing significant damage.    

One way to prevent this is to implement access controls that limit access to sensitive data and systems.  

Access controls can include measures such as: 

• Password protection 
• Multi-factor authentication (MFA) 
• Role-based access  

It's also important to regularly review access controls to ensure they are up-to-date and effective.  

4. Backup Your Data  

You can restore your data after an attack without paying the ransom if your data is backed up. 

Regular backups should be made to an external storage device or a cloud-based backup service. Testing your backups is also crucial to ensure they are working correctly. In the event of a ransomware attack, you don't want to find out that your backups are suddenly corrupt or incomplete.  

5. Use Antivirus Software 

But since not all antivirus is created equal, you must find and use reputable antivirus software and ensure it is kept up to date with the latest virus definitions.  

6. Create an Incident Response Plan  

Despite your best efforts, there is always a risk of a ransomware attack. It's essential to have an incident response plan in place to minimize the damage. This plan should outline the steps to take in the event of an attack, including whom to contact and what actions to take. More importantly, all employees should be trained in the plan and must understand their roles.   

Ready to Start Implementing Cybersecurity Measures Now? 

Businesses should focus on implementing preventive measures to minimize the risk of a ransomware attack. 

However, if you think you lack the tools and expertise to implement cybersecurity measures, you can always rely on a good MSP to guide you. 

At ITS, we’ve helped hundreds of businesses strengthen their cybersecurity for over two decades. If you want to find out where your current security measures stand, schedule a free cybersecurity assessment with one of our experts.   

Feel free to go through these references from our Learning Center as well to learn more about ransomware:  

• EBOOK:  Ransomware Attack Protection Guide  
• 4 Security Measures that MSPs Employ to Prevent Ransomware Attacks  
• Domino Effect: A Third-Party Vendor's Ransomware Crisis Became Our Own 
• VIDEO: How much does ITS Cybersecurity Cost?