The Golden Rule of Ransomware Attacks: Pay a Little Now or a Lot Later

Yet another notable ransomware attack recently hit the news: Pottawatomie County paid more than $71,000 to resolve a ransomware attack on their IT systems in September 2021. In addition to the $71k, the county purchased enhanced decryption software to unlock files the hackers had encrypted. The additional software carried a hefty price tag of $5,000. 

It’s important to note that the county does not employ a full-time IT person but instead outsources the work to Fox Business Systems. Initially, the cyber actors demanded $1 million. 

Ultimately, the county decided to pay up to get their data returned to them. Downtime for any county or organization is of the utmost importance when considering whether to pay ransom demands. In this case, they felt paying the ransom was worth getting up and running more quickly than trying to recover their data by other methods.

From this attack, we learn some essential lessons about ransomware attacks.

5 Key Takeaways about Ransomware Attacks:

1. The notion of pay a little now or pay a lot later claims another victim. If you short yourself on cybersecurity investments, i.e., prevention, in the short term, the long-term consequences will cost you more. Invest regularly, and you will ultimately save money as an organization. 
2. Downtime matters. While there is undoubtedly an obvious cost to paying the ransom, most organizations will incur a considerable cost due to downtime that likely exceeds the amount of the ransom. 
3. It’s vital to employ a reputable managed IT provider (like PK Tech). Thoroughly vet your MSP. No joke — if the example had competent IT people who know backups must be segregated from the primary network in case of an attack like this, the headline would likely be “Another business restores from backup after a ransomware attack; in other news, Mable turned 102 today!” We talk more about this in our blog, Do I Need a New IT Guy? Ask These 10 Questions.
4. Cybersecurity insurance is a must for 2022. Cybercrime is a 1.5 trillion dollar industry annually — attackers are motivated and will find gaps in your security posture. The point of insurance is “in case stuff happens” — the stuff is happening at an unprecedented rate, at least get insurance to maximize your chance of remaining open for business after a successful attack. Learn more about what it is and the benefits here.
5. The buried lead in this example is this quote “they are confident that the accessed data have been deleted from hackers’ computers.” Yea, not likely. They claim this is true because if hackers didn’t delete their copy of the data, future victims won’t pay the ransom, and maybe the hackers would get a bunch of 1-star reviews on Yelp — “I paid the ransom but they still extorted me, worst criminal organization ever 😢.“ Here’s an unfortunate (likely) truth to the citizens of Pottawatomie County — your data will (likely) be used for extortion efforts for round two of the crime. Then it will (likely) be resold over and over on the dark web because hackers have zero ethics and only care about money. Cybercrime doesn’t get to $1.5T a year on $71k payments one time.

If you are thinking about working with a managed service provider in 2022 or are curious about investing in cybersecurity insurance, let’s chat—PK Tech services clients in many industries with varying organization sizes. Get in touch with our team here.