Ransomware attacks can disrupt business and lead to massive costs, according to Forrester. Here’s why you should consider paying along with other incident response plans.
In the wake of a ransomware attack that encrypts critical business data, executives should consider paying the ransom as a viable option along with other responses, according to a recent post from Forrester senior analyst Josh Zelonis and senior research associate Madeline Cyr.
Businesses are directed by the FBI and other sources not to pay the ransom in attempts to unlock files, as doing so does not guarantee the cybercriminal will actually unlock the files, and encourages hackers to continue using this method in the future. However, when business operations have come to a halt and costs begin to increase, paying the ransom becomes a tempting option, Forrester wrote.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
Take the city of Baltimore, which was dealt a ransomware attack in May that disrupted the city’s operations, including police and finance department activity. While the cybercriminal demanded $76,000 in bitcoin, the mayor refused to pay. The attack ultimately cost the city an estimated $18.2 milliond.
Forrester has been tracking a trend of companies that paid for decryption keys as part of incident recovery. While the firm does not issue a recommendation of whether or not to pay the ransom, it does guide organizations to recognize that paying a ransom is a valid recovery path that should be explored along with other recovery efforts to make the best decision for the business at the time.
“Conventional wisdom does not factor in what is best for your business and the situation you are currently in. Platitudes and emotion are not going to help you formulate an optimal recovery path for your business,” the report said. “Recovery is complicated even if you have good backups that survived the attack. Many organizations significantly underestimate the scale of disruption they need to plan for or make too many assumptions about what functionality will continue to exist after an attack.”
For more on how to create an incident response plan, check out Incident response: What needs to be in a good policy and Online security 101: Tips for protecting your privacy from hackers and spies on our sister site ZDNet.