don't pay ransom, ImageQuest

Don’t pay ransom – it only spurs more ransomware attacks, according to Microsoft.

In a recent blog post by Microsoft’s Detection And Response Team, organizations are urged to maximize their security efforts instead.

“Paying a ransom is often expensive, dangerous, and only refuels the attackers’ capacity to continue their operations,” the post says. “(B)ottom line, this equates to a proverbial pat on the back for the attackers. The most important thing to note is that paying cybercriminals to get a ransomware decryption key provides no guarantee that your encrypted data will be restored.”

The advice follows a wave of local governments turning to cyberinsurance to pay ransom demands after ransomware locked up crucial municipal systems. Cities and business victims often pay the ransom in hopes of getting a decryption key to restore their systems.

But their results have varied. While some got their systems operating again within a few days, others paid for decryption keys that didn’t work. And some victims’ computer networks were damaged beyond recovery by the malware.

Taking steps to “harden” your system against a ransomware attack is a better way to go, Microsoft advises. The recommendations they list are all measures we offer to our clients.

Purchasing cyberinsurance is still recommended – but not for paying ransoms. If you do get hit, you will face potentially expensive recovery costs that insurance can help defray.

But even with insurance – if you are taking recommended steps to protect your organization, your claims may get rejected.

We can help you assess your cybersecurity – and whether your systems are vulnerable to ransomware. We can also offer guidance on cyberinsurance. Contact us to learn more.