Should you pay the ransom?

The National Cyber Security Centre has published new guidance on what to do if you suffer a ransomware attack—and these attacks don’t just happen to big companies.

A ransomware attack is likely to be a highly stressful time, and the attackers will put pressure on you to act quickly. If you’ve read the NCSC guidance in advance—maybe downloaded it to share with others—and planned what your response might be, you might reduce the stress on yourself and your staff a little.

Before you make any decisions, you should know that if you do decide to pay the ransom:

  • There is no guarantee that the attackers will restore your data, or your access to your computer. In fact, they may take the money, and sell your data anyway.
  • Your computer (or computers) will still be infected with ransomware. You may need specialist help to clean it up.
  • You will be paying criminals. While paying is not illegal, it is possible to be charged with related offences, such as money laundering or financing terrorism.
  • And you are more likely to be a repeat target—because the attackers know that you will pay.

If you can, contact the experts before you act—and ideally, before you make any contact with the attacker. The NCSC has a list of companies with experience of negotiating with attackers. These companies will also be able to help you recover. If you have cyber insurance, your insurer may also be able to help find suitable expertise. Whoever you choose, you may be able to set up an agreement with them in advance, so that if you are attacked, they will come to your aid quickly.

NCSC guidance on paying (or not) the ransom

It’s best to be prepared. Do read the guidance, and if you can, implement the NCSC advice on how to reduce your risk of ransomware.

When you’re reading the guidance, think about the impact on your business. How long would you be able to keep going without your information? What would it cost—and what would the impact be on your business’ reputation?

Think about the impact if the attacker publishes sensitive information that you hold about people. (What this might be will vary by industry, of course.) Your staff are also likely to be affected. They are likely to be highly stressed by the incident, and might even experience physical illness as a result.

Find the guidance here: https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents

If you’d like help with this, or support with other cyber security issues in your business, call us on 0113 633 7230, or fill in our contact form.