Bench & Bar of Minnesota is the official publication of the Minnesota State Bar Association.

Ransomware: To pay or not to pay?


I got a great question from a concerned audience member at a recent speaking event: “If I am a victim of ransomware, should I pay the ransom?” Many people share the same concerns about giving in to cyber criminals. To what extent should I fight for my data and accede to the demands of those holding it ransom?

As with many cybersecurity efforts, an ounce of prevention is worth a pound of cure. Oftentimes, I think that things like ransomware seem to be inevitable. No matter what you do, you might become a victim. And to some extent, the execution of these attacks is random (but only to an extent, and I will touch on that later). Yet there are very manageable and reasonable ways to prepare yourself for the possibility that it will happen to you or your organization.

In an effort to avoid paying ransom to a cybercriminal, my best suggestion is to keep very regular backups of all data on external servers and have a reliable restore protocol in place. Keeping the data in separate, secure locations where they remain available to the organization will ensure that your organization doesn’t keep all of its eggs in one basket. If one day you are faced with a ransomware message stating that you have to pay or lose all of your data in the next 10 hours, you can simply wipe your device clean without having to worry about the data it contains. By backing up your data yourself, and knowing how to retrieve it if you must, you are effectively counteracting the potential threat that ransomware poses. If they’re threatening to delete your data, delete it yourself.

Of course, if you have not prepared for a ransomware attack in this way, you may feel there is no other option than to pay the ransom to retrieve your data. But this isn’t as easy as it may initially sound. First of all, some ransomware attacks come with shorter and shorter payment deadlines, meaning that by the time you fully realize what is happening, you may have lost critical time in getting your ransom payment placed. Depending on the attacker’s preferences, a cybercriminal may choose to be paid in any number of cryptocurrencies, the primary one being Bitcoin. Processing a payment in cryptocurrency, especially if it is a sizable sum, may require a lengthy verification process, the establishment of a Coinbase account to have your bank wire money into a custodial account, or signing up for a digital wallet or digital currency converter.

The process can ultimately be quite lengthy and consists of several steps, which is nerve-wracking when the cybercriminal is potentially deleting documents one by one. Some organizations choose to prepare for ransomware attacks by figuring out how to go about these processes in the quickest way possible, but even then, the value of cryptocurrency often fluctuates and ransom payment requirements may vary substantially depending on the attack.

And if you do end up paying that ransom, your likelihood of becoming a victim again increases. The bad guys now know that you are someone who pays, and that will encourage repeat attacks. In fact, the next attack might even come with a higher ransom.

So back to that original question, “If I am a victim of ransomware, should I pay the ransom?” The best answer is: Prepare yourself so that you don’t have to. As with all cybersecurity concerns, it’s typically not a matter of if, but when.

Go ahead and assume it will happen, and beat the cybercriminals at their own game. Be prepared to delete your data if you need to, only to go retrieve it on an external server later. While it may not be convenient to back up your data regularly, remember that when we gain convenience, we lose security and vice versa. Think of it as an insurance policy against possible ransomware attacks and the dire consequences they may spell for you or your organization.


MARK LANTERMAN is the chief technology officer of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security and forensic experience and has testified in over 2,000 cases.
