To Pay or Not to Pay?

Ransomware: To Pay or Not to Pay?

This week, the barrage of ransomware has once again reached global proportions. Petya, like WannaCry, will not be the last ransomware we will have to encounter. The vulnerability of our systems, and the flash fire that can engulf the planet, with an exploit in some distant land – is a scary reality. The wayward click of an unsuspecting user in Ukraine (or some other country) can create a problem that reaches virtually every shore. Our weakest point is literally every point that is connected to the internet. In this era, it is incumbent upon every company – and every person – to do their fair share of vulnerability hygiene, to protect all of us. Knowing which systems are vulnerable, is therefore a key insight, and SoftwareONE has the tools and the expertise to help.

What is Ransomware?

Unfortunately, most people are now familiar with ransomware, the headlines scream it every day. Ransomware encrypts important documents and files on infected computers and then the perpetrators demand a ransom (usually in Bitcoin) for the digital key needed to unlock the files.

Why is Ransomware so Big?

Simply put: Because it makes a lot of money for the criminals.

By some estimates, ransomware payments exceeded $1.5 billion in 2016. This is compared to only about $325 million in 2015. The staggering increase is proof that the ‘bad actors’ are succeeding. The average ransom in 2015 was the equivalent of $ 295. In 2016, it was almost double at $ 679 and is projected to be in excess of one thousand dollars in 2017. Ransomware is so lucrative that Malwarebytes estimates that 60% of all malware observed in 2016, was ransomware.


Yes, you can actually buy Petya (and other malware including a variant called “Mischa”) in a bundle, complete with instructions on how to use it.

Jakub Kroustek

“One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85 percent of the paid ransom amount, while 15 percent is kept by the malware authors.”

Threat Lab Team lead

We are already seeing new malware variants like “Jigsaw” which encrypts the files and then starts releasing them or deleting them, to put added pressure on the victim to pay up. Expect new and innovative ways in which criminals are likely to use “incentives” to make you pay. Criminals are morphing, changing and innovating just like the rest of us.

How Should I Protect Against Ransomware?

Patch, patch, patch! Make sure that you have installed the latest bug fixes. Software is not perfect. There is a constant battle to close loopholes in existing software. In the case of Petya, Microsoft released a patch in March 2017 that would have prevented the infection. All the exploits that you hear are systems that were not patched in time.

Back up your data. And make sure that you test the restore capabilities of your systems.

Teach your users to “Think before you click”. Users remain the weak link in many organizations. Security awareness training is a necessity, not a luxury.

In Case of a Payment, Can You Restore Your Data?

In previous outbreaks – and there have been many – paying the ransom amount did result in getting a decryption key to restore your data.

In the case of the current Petya outbreak, the address where payments need to be sent, is no longer active. So, desperate companies are sending Bitcoins to a defunct address and have zero chance of getting the decryption key!

Should You Pay the Ransom?

The answer depends on how valuable your data really is? And whether you have effective means to restore the data.

In a recent survey, IBM asked 600 business leaders if they would pay to get their data back. Twenty-five percent said that they would be willing to pay up to $ 50,000 to get their data back.

Joseph Bonavolonta, Assistant Special Agent in charge of the FBI’s Cyber & Counter Intelligence Program concurs: “To be honest, we often advise people just to pay the ransom.”

In February 2017, Hollywood Presbyterian Medical Center in Los Angeles paid nearly $17,000 to unlock the hospital’s computer network. Frankly, many businesses have no option. Some look at the cost of payment as being lower than that of recreating the data, thus justifying payment.

Others argue against payments. “Caving in to the demands of cyber-extortionists only reassure them of their strategy and perpetuates the threat cycle”, says Bharat Mistry, cybersecurity consultant at Trend Micro.

Regardless, IT departments are now stocking up on Bitcoins, the digital currency used to pay most of the ransoms. They are increasingly of the opinion that it is simply better to be prepared.

Keep an Eye on Your IT Security

Do you want to detect security vulnerabilities in your IT environment? Are you looking for a good security strategy or ways to get your IT environment safe? Reach our to our security experts for advise.

Discover Managed Security
  • Managed Security
  • Security, Ransomware, Cyber Attack, Cyber Security

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties

Related Articles

  • 15 September 2021
  • Bala Sethunathan
  • Cybersecurity, Managed Security, Cyber Threat Bulletin, Cybersecurity User Awareness
  • Cyber Threats, Ransomware, Vulnerability Management

Cyber Security Update August 2021

Accenture and Bangkok Airways suffer from a LockBit Ransomware Attack. Learn why ransomware attacks have become a favorite form of attack.

Handling GDPR Authorities After a Breach
  • 16 August 2021
  • Bala Sethunathan
  • Cybersecurity, Managed Security
  • GDPR, Cyber Threats, Data Breaches

Handling GDPR Authorities After a Breach

If a data breach or ransomware attack occurs in your organization, you must contact GDPR authorities. Here’s what you need to know to prepare.

  • 09 August 2021
  • Bala Sethunathan
  • Cybersecurity, Managed Security, Cyber Threat Bulletin, Cybersecurity User Awareness
  • Cyber Threats, Physical Security Risks

Cyber Security Update July 2021

At least one in three reported data breaches involved an insider. Accidental and malicious insider risk can cost businesses 20% of their annual revenue.