Why you should not pay a ransom

The number one threat to UK businesses remains ransomware, and in 2022 we are seeing an increase in ransom payments to criminals. Phil Ashley explains why companies should NOT pay the ransom if they are the victim of a ransomware attack.


Ransomware victims believe they are faced with an agonising but simple dilemma: either pay the ransom or lose valuable data. In 2022 more companies are choosing to pay the ransom, either because they lack adequate data backups or because they believe it is the cheaper and safer route to resolution. The reality is more complex.


Do not pay a ransom

First things first: do not pay a ransom. Paying a ransom does not guarantee you access to your data. You are placing blind faith in the same criminals who stole your data, trusting that they will honour the transaction rather than tamper with or delete it anyway.


Paying a ransom also signals to criminals that you are willing to pay, and they can sell that information on to others.


It is tempting to pay a ransom to restore services quickly, but it is important to remember that the UK government does not recommend this approach. Both the National Cyber Security Centre (NCSC) and the ICO recommend against paying a ransom in the event of a cyber-attack.


Furthermore, the Information Commissioner's Office (ICO) has clarified that ransom payments will not be considered risk mitigation for harm to individuals whose data may be involved in a cyber-attack or data breach, so paying a ransom will not reduce any penalties incurred.


Indeed, the ICO considers risk mitigation to be where businesses demonstrate that they fully understand and have learned from an attack, have reported the incident to the NCSC where appropriate, or can demonstrate compliance with NCSC guidance.


For companies that are subject to a fine as a result of a security breach, the ICO also recognises that penalties should be reduced if the business engages a cyber incident response company with a Security Operations Centre (SOC) to help contain the impact of the incident and prevent a recurrence.


Being prepared is the best defence

If you have reached the stage of deciding whether to pay a ransom, it is too late to plan ahead. Ransomware attacks start long before you notice their impact, and once attackers are in your system they often lie dormant for a set period or until a particular date. The only way to mitigate this is to prepare and protect your systems in advance, and to plan how you will respond to an attack.


An easy, cost-effective way to prepare and protect your business from cyber-attacks is to engage a cybersecurity service team to review your technology, highlight areas of weakness, continuously monitor your environment and alert you to vulnerabilities in your estate. Managed services like this help your organisation understand how to protect its data and implement strategies that enable rapid recovery with minimal data loss in the event of a security incident.


Crossword’s Nightingale managed services and SOC can help with this. Nightingale continuously monitors activity on your network, infrastructure and cloud platforms, looking for signs of attack. In the event of an attack, Nightingale will help you respond, minimise potential data loss, retain critical data for use by the authorities and get you back to work as soon as possible.


Remember, do not pay a ransom. And prevention through preparation is the best defence.

Find out more about our Nightingale services here.