C Spire Business Blog

Should your company pay the ransom to end a ransomware attack?

Written by Jim Beaugez | Jun 20, 2024 4:48:00 PM

If your organization has experienced a ransomware attack recently, you have plenty of company. If not, then count yourself lucky.

Eighty-five percent of organizations suffered at least one ransomware attack in the past 12 months, according to the 2023 Veeam Ransomware Trends Report—and more companies will have a ransomware attack this year than turn a profit. Ransomware attacks can be damaging to your bottom line, your customers and your reputation. And the criminals who perpetrate these attacks know that.

While the temptation to apply an immediate fix to the situation by paying the ransom can be strong, it’s important to think through the situation. Play the reel forward a few frames, and you’ll quickly see there is more to consider than simply the financial hit.

Here are three reasons why your organization needs to have a well-thought-out and tested plan in place now for a potential ransomware attack.

Your data is usually not fully recovered.
Let’s say you decide to trust the criminals who hijacked your systems and are holding your valuable data assets hostage. It’s difficult to conduct business without it, so you cave in to their demands and pay the ransom. But once you use the encryption key, you discover some of your data is corrupted. Or, they simply leave you empty handed once they get paid. Only one in four companies fully recover data held in a ransomware attack, per the Veeam report.

Insurance is not a plan.
Insuring your car and home makes practical sense. While you may not get your property back in the event of theft or disaster, you can be compensated financially and use those resources to replace it. But you can’t buy new data to replace the data that formed the foundation of your organization. And insurance won’t recreate your data. At best, an insurance policy could cover related legal and recovery costs.

Your nightmare may or may not be over.
If you’re one of the lucky ones who get the bulk of their data back, it’s not time to celebrate just yet. Roughly half of affected organizations risk reinfection during the data restoration process. That’s if your backup repository wasn’t hit, too, since the bad guys also target those in three-fourths of ransomware attacks.

There is good news, though. If your organization has done its due diligence, you’ll never have to pay for a ransomware attack.

Learn more about the risks of ransomware attacks—and how to protect your organization—in the 2023 Veeam Ransomware Trends Report.