When should organizations pay the attackers for ransomware removal?

We have said several times that a ransomware target must not engage with the attackers or pay them for ransomware removal. Law enforcement entities advise the same. Ransomware operators are essentially criminals, so there is no guarantee that they will provide the decryption key once the ransom is paid.

Nevertheless, even knowing this, organizations pay extortion money to cryptovirological operators. In most cases, they get the right decrypter from the attackers after a ransom payment. Before we outline the instances when extortion money should be paid to the attacker, keep in mind that payment must only be exercised as the last resort.

  • If ransomware activity has encrypted data that is not significant to critical operations, then affected organizations should focus on performing ransomware removal on their own. However, if a critical set of data with no backup has been encrypted, then organizations can think of paying the attackers.
  • If ransomware removal measures are taking longer than usual and resulting in intolerable downtime, then the organization can mull over the option of paying the attackers for quick decryption. However, if the organization can sustain the incurred downtime, then it is better to stick with professional ransomware removal and restoration.
  • If the organization is not certain of 100 percent recovery from backups and the ransomware removal measures carry a risk of data loss, then it is left with no option other than contacting the attackers.
  • If the attack surface is enormous and the targeted company is suffering from a shortage of staff, then the option of ransom payment can be exercised.

With data backup maintenance and good cybersecurity measures in place, targeted users can avoid this undesirable option of dealing with ransomware.