Do we have to pay the ransom?
Senior leaders and boards must have a plan in place to manage and respond to ransomware attacks, and that plan must include clear guidelines and an agreement on whether ransoms should be paid. Each organization should discuss and practice incident response, including consideration of what to do in the event of a ransom demand. It is also important to understand that ransomware has given rise to attacks where not only was data encrypted and made inaccessible, but attackers also stole data and threatened to expose it in the public domain in order to “incite” the victims to pay.
Today, in most cases, it is not illegal to pay a ransom. However, board members must decide if they will pay and what the payment threshold is. For example, you can decide not to pay if compromised desktops can be contained and recovered without affecting customers or data. But you can decide to pay if there is a significant disruption to your business operations or if data privacy is at risk. There is always the risk that if you pay, it still won’t lead to full systems and data recovery.
It is imperative that all businesses have clear processes, tested in simulations, for knowing what to do in the event of an incident such as a ransomware attack. These conversations need to happen long before you face a crisis.