If you are a victim of ransomware, what should you do? Here are some choices.

1. Pay the ransom.

2. Call law enforcement.

3. Not pay the ransom.

4. Follow 2 and 3.

There really is no right answer. The FBI strongly encourages victims to contact one of its local field offices or the U.S. Secret Service immediately in order to provide assistance when your business is blackmailed by cyber thieves. It also does not encourage payment of the ransom.

Here are the risks you face if you pay.

 * Paying the ransom does not guarantee access to your data once the ransom is paid.

* Paying the ransom opens the door to future attacks because the attackers know you will pay.

* After paying the ransom, some victims have been asked to pay even more to get the encryption keys.

* Paying ransom supports and encourages this illegal activity.

However, what if the information being held hostage is critical to your business? In addition, how much will downtime cost you? I compare this to companies that will settle out of court even if they are not guilty. They do so when they know the cost of trying to prove their innocence – with no guarantee of that -- would be much greater than settling.

It may be giving in to extortion, but it’s still a tough call.

I know of four dealers who dealt with ransomware recently. I talked to one in my “Beware of Ransomware” report in our April issue. He didn’t pay, but his new POS software system was less than two weeks old. He also didn’t call the authorities.

He was a little embarrassed. “You think you’re smart enough to run your business,” he told me.

The FBI says law enforcement “may be able to use legal authorities and tools that are unavailable to most organizations.” It can even enlist the assistance “of international law enforcement partners to locate the stolen or encrypted data or identify the perpetrator.”

If you experience a ransomware attack, I would suggest you give the FBI a call. Ransomware cost businesses at least $1 billion last year, and that doesn’t take into account unknown attacks where the business owner paid the ransom and moved on. It also doesn’t take into account downtime. $1 billion is a very conservative estimate that cybersecurity companies agree will increase dramatically in the next five years.

As for whether or not you should pay the ransom, that’s a tough call.

Author

Bob Ulrich
Bob Ulrich

Editor, Retired

Editor Bob Ulrich has earned a reputation as an industry expert thanks to his insightful, in-depth articles and blogs on the tire industry. Before joining Modern Tire Dealer in 1985, Bob earned a B.A. in English literature from Ohio Northern University. Also, he graduated from the University of Akron School of Law with a J.D.

View Bio

Editor Bob Ulrich has earned a reputation as an industry expert thanks to his insightful, in-depth articles and blogs on the tire industry. Before joining Modern Tire Dealer in 1985, Bob earned a B.A. in English literature from Ohio Northern University. Also, he graduated from the University of Akron School of Law with a J.D.

View Bio
0 Comments