Ransomware has arguably been the biggest cybersecurity threat this year. Individuals, local authorities, hospitals, and companies were very numerous to suffer a ransomware attack in 2022. For companies, the risk of bankruptcy is indeed there, if they cannot recover their data. Many leaders therefore ask themselves this question: do I have to pay the ransom?
Pay the ransom to avoid the worst?
And precisely, Michael Parent, of Simon Fraser University in Canada, published a very interesting opinion on this subject on the site The Conversation. The researcher first recalls that half of the organizations affected ultimately choose to pay, and that there are in fact no simple answers to this question.
A commercial dimension is obviously to be taken into account. Before paying, you should know that this encourages cybercriminals to persevere, and that this makes you a potential target because other hackers may know that you are ready to pay a ransom.
However, and if you finally decide to take action, there is a good chance that you will recover your data. According to a recent study, in 70% of cases, the payment of a ransom makes it possible to obtain a valid decryption key, specifies Michael Parent.
We are therefore dealing here with a classic cost/benefit for the business leaders concerned. Depending on the value of the stolen data, and the amount requested, it will be necessary to arbitrate to know which decision to adopt.
Be careful, however, because ethical considerations also come into play. Paying a ransom amounts to playing into the hands of cybercriminals, and this can therefore have a negative impact on the image that is given of a company to its customers or employees.
The professor suggests in particular: “Instead, the organization can choose to invest the funds that would otherwise be spent on paying the ransom into training, cyber protection, and upgrading and patching systems. »
Simple steps to protect against ransomware
Either way, it is important to act upstream, and before the ransomware attack occurs. Thus, regularly backing up your data is essential, as is setting up multi-factor authentication.
Raising your employees’ awareness of cybersecurity issues is also very effective. We know that major hacks sometimes occur as a result of small errors made by certain employees.
