Is Paying a Ransom Demand Ever The Right Decision?

It depends. When it comes to cyber outages, the UK public sector officially does not pay ransomware hackers at all, although the track records of UK governments – of all types – on honesty and financial probity don’t bear scrutiny for more than five minutes. But private companies can do as they see fit, and sometimes take the view that getting back online, serving customers and earning revenue takes precedence over any ‘mole’ hunt or further disputes over the ransom payment currency preferences.

The recent case of UnitedHealth in the USA is a case in point. According to Reuters, they have paid some $22m to get access to their systems back. It may be true, although UnitedHealth are saying nothing.

Here’s some comment on the case from Cliff Steinhauer, Director of Information Security and Engagement at The National Cybersecurity Alliance:

The decision by UnitedHealth to pay $22 million in cryptocurrency to the cybercriminal group behind the Change Healthcare cyberattack underscores the complex ethical and practical considerations involved in responding to ransomware incidents. While such payments may provide immediate relief by restoring access to compromised systems, they also fuel a dangerous cycle of extortion and incentivize further attacks on vulnerable organizations.

Beyond the immediate financial cost, paying ransoms may perpetuate illicit activities, embolden cybercriminals, and undermine efforts to combat cyber threats effectively. Moreover, the lack of transparency surrounding ransom payments raises concerns about accountability and compliance with regulatory requirements, highlighting the need for greater scrutiny and oversight in navigating the murky terrain of ransomware negotiations.

The prevalence and severity of ransomware attacks, such as the one targeting Change Healthcare, underscore the urgent need for organizations to prioritize cybersecurity preparedness and adopt proactive measures to mitigate cyber risks. Instead of relying solely on reactive strategies like ransom payments, companies should invest in robust cybersecurity technologies, implement comprehensive incident response plans, and cultivate a culture of security awareness across all levels of the organization.

By enhancing their defenses and fostering resilience against evolving cyber threats, organizations can better protect their assets, safeguard sensitive data, and mitigate the potentially devastating impacts of ransomware attacks on their operations and reputation.

 

About Alastair Walker
20 years’ experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net
