Since 2013, when Ransomware started to gain serious traction as an actual threat – countless organizations have had no other option but to pay ransom.
No two Ransomware infections will be the same, so the decision to pay might not be the best solution – and if so, then the organization shouldn't pay. However, while it might make some feel dirty – if the only other option on the table is payment, then payment will be made.
If the organization has to pay ransom to get their files back, it can only blame itself for being placed in that situation to begin with. In each reported case of a ransom being paid, the issue wasn't the infection – it was a lack of recovery options.
So the FBI wasn't wrong exactly, but the issue isn't cut and dry.
Ransomware is a case-by-case, value assessment situation. How valuable are the lost files? If you can stand losing them, don't pay. Otherwise, get ready to record a loss on the books and invest in recovery options.
In addition to recovery options, meaning backups of critical systems that are taken daily and tested regularly (or system restore options), other layered defenses that will help prevent Ransomware attacks include anti-Virus, ad blockers, and awareness training. For corporate environments, a tuned firewall is a major asset as well.
Sign up for CIO Asia eNewsletters.