Ransom payments in spotlight following Pitney Bowes attack

Earlier this week, US firm Pitney Bowes was hit with a ransomware attack that it said had encrypted information on its systems. While it is reported the company is working with a third party to address the issue, it still faces the challenge of whether to pay the ransom.

It was not long ago that the FBI issued advice to companies on how to tackle the threat of ransomware. Whereas previously it had been quite firm on not negotiating with cyber criminals, its latest document points to a softening approach, suggesting it is now 'plausible' to pay a ransom.

Despite the temptation, businesses should retain a non-negotiation philosophy in the face of demands, according to the managing director of Databarracks, Peter Groucutt.

“We’ve seen a lot of incidents reported in the press, particularly public sector organisations in the US, hit by ransomware attacks. While some remain staunch on not negotiating with criminals, there are those who have actually relented and paid a ransom to get their data back. Given ransomware attacks are becoming more common, there’s no excuse to be unprepared.

“Agreeing to pay a ransom isn’t conducive to long-term security. Cyber criminals, experienced and new, see it as a big money-making opportunity and are consequently devoting vast resources to develop new strands and new methods of delivering ransomware. Being seen as a ‘payer’ makes you vulnerable and potentially invites further attacks.”

Groucutt recommends instead that organisations recover their information from historic back-up copies. “When recovering from ransomware, your aims are to minimise data loss and IT downtime. Unfortunately, there is no way a business can completely prevent itself from an attack. But by having a defensive strategy you can reduce the impact of an attack,” he added.
