The debate as to whether ransomware demands should be paid or not has been a bone of contention for many years. We all know that rewarding criminal behaviour is a bad idea, but when stakes are high, it can be difficult to take the high road. And cybercriminals seem to be capitalising on these grey areas.
According to recent research by AT&T Cybersecurity, 58% of IT security professionals would refuse to pay following a ransomware attack, while 31% said they would only pay as a last resort. A further 11% stated paying was, in their opinion, the easiest way to get their data back.
Despite only 11% being willing to pay these ransoms, 60% of IT security professionals said that paying a ransom should not be made illegal, while 40% think that paying a ransom should be made illegal.
In addition, when asked if they feel prepared for a ransomware attack, a staggering 31% said they are unsure – a concerning statistic given the ever-increasing complexity of cyberattacks and the rise of ransomware in recent years.
“It’s clear from this research that organisations are still misguided when it comes to ransomware. Many do not know the best practices when it comes to ransomware, or worse, do not feel confident to handle attacks efficiently,” said Rich Langston, senior technical product manager at AT&T Cybersecurity. “Companies not only have to mitigate ransomware by having a solid security programme that uses protection tools to close down all possible attack vectors, but also have back-ups that are separate from the network in case the worst happens.”