Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period. Struggling to recover from the outage, local officials reportedly paid a ransom worth $400,000 in bitcoins to restore IT systems and infrastructure.
To Pay or Not to Pay
Law enforcement officials and security experts regularly counsel ransomware victims to never pay ransoms to attackers, since it directly funds further criminal activities and may lead to victims being targeted multiple times. But some businesses and government agencies do pay ransoms, especially when they have no defenses in place, their backup systems have failed or the attack leaves their business or operations at risk of folding.
Jackson County used a third-party firm to contact the attackers and arrange the payment, according to published reports. While paying might encourage other ransomware schemes, Steve Durbin, the managing director of the Information Security Forum, a London-based authority on cybersecurity and risk management, tells ISMG that often, victims lack a backup plan, so paying the ransom is perceived to be the only option.
“When it comes to ransomware in particular, one question that I’m asked frequently is: ‘Should I pay?’ Ultimately, this is up to the discretion of the individual or the organization,” Durbin says. “Most will say that you should not pay. Others will say that it is OK. But remember, you could end up with a target on your back. The bottom line is that if you can’t do without the information, and you don’t have a backup, then paying is the only alternative you have left to recapture your information. Therefore, prevention is the way to go to better protect yourself.”