
Ransomware: To pay or not to pay

Posted by Marc Perreault, Director, Security Operations, June 02, 2021


The Colonial Pipeline cyber incident was a sobering wake-up call about the critical effects that a ransomware attack can have on not just business, but society. CEO Joseph Blount had a very difficult decision to make: to pay or not to pay.

When faced with this decision on how to respond to a ransomware attack, the focus must turn to your answers to key decision factors. I’ve typically been of the opinion not to pay or negotiate, as this is what is giving the cyber criminals the ongoing incentive to continue in this ransomware business. Now that I’ve seen the impact of a serious attack on critical infrastructure, I’ve reeled back and realized that we have to consider many variables that make this a per-case decision and not simply a jump to “don’t pay”.

In making this decision, we look at several factors:

1. Are the organization’s key assets / services critical to society, or is its data of such high value that it may cause grave harm to a nation? In some cases, like Colonial Pipeline, profits need to come last when you have a social responsibility to provide heat for homes, maintain a safe environment for workers and avoid the risk of environmental disaster. The choice to shut down the pipelines was said to be associated primarily with CP being unable to bill for the fuel outputs, but also with ensuring the safety of the pipeline workers and customers by keeping the attacks out of the OT pipeline network.

2. Does the organization have a Cyber Security Incident Response retainer? There are several options when choosing a Cyber Security partner for incident response services and retainers. Some come with EDR tools, IR plan development and SLAs. If you have a retainer, it is critical to understand all the roles and responsibilities of the organization, the retainer 3rd party and any additional support mechanisms.

3. Does the organization have the ability to restore services without the need of the encryption key? When considering risk to your organization, data recovery should be top of mind, not just for the impacts of ransomware events, but for any major incidents affecting systems. If backups aren’t completed frequently and protected, options are limited. You also need to consider how much human power is required for recovery and whether additional resources need to be provided by partner organizations. These costs can add up quickly if several resources are needed.

4. Does the organization have a cyber insurance plan and if so, what is covered and what are the limitations / caveats? It is important to note that a cyber insurance plan is not a silver bullet for cyber incidents. Cyber insurance is in place to help an organization fiscally recover from costs surrounding cyber events, such as services to restore and loss of revenue. It is important to understand the coverage and limitations regarding who can be engaged to assist with the incident response and recovery, as well as approval and possibly coverage of ransom payment.

5. Is the risk worth the reward? Let’s face it, when dealing with any type of criminal, trusting that they will hand over encryption keys to restore systems in exchange for a payment is a large risk.

Depending on the requested ransom amount vs the potential cost of recovery, cyber insurance providers may suggest paying the ransom vs attempting to recover from backup or rebuild, as the insurer will typically lean towards the lower-cost option. The decision is ultimately up to the organization. There is no firm answer to paying, negotiating or not paying; it simply is a game-time decision that requires input from various areas of business and expertise.

There are other issues raised by the interview with the CEO.

“Though the pipeline’s flow of fuel has returned to normal, the impact of the hack hardly ended with the ransom payment. It will take months of restoration work to recover some business systems, and will ultimately cost Colonial tens of millions of dollars, Mr. Blount said, noting that it is still unable to bill customers following an outage of that system.” – Collin Eaton / Bloomberg News

The time to restore needs to become a priority goal for our industry. There has been far too little attention to developing a strategy to do this. This will be the topic of my next blog.
