The result is that attackers not only encrypt data but also threaten to leak sensitive information or pressure third parties, forcing organizations to balance reputational risks with operational disruptions.
“Trust in negotiations is eroding,” Rivas-Vásquez tells CSO. “Enforcement actions against major ransomware-as-a-service operations revealed that many attackers failed to delete stolen data even after ransoms were paid.”
Many countries are promoting international cooperation and intelligence sharing, as well as applying scrutiny to third-party cryptocurrency payment agents.
“With governments cracking down on payments, rising distrust in attackers’ promises, and increased maturity in corporate responses, paying ransoms has become a less viable and riskier option for many organizations,” Rivas-Vásquez concluded.
Put bluntly: Paying ransoms may encourage further attacks and doesn’t guarantee data recovery.
Websites such as No-More-Ransom offer a lifeline to businesses that have suffered a ransomware attack, but preventing attacks and hardening systems and procedures beforehand is always preferable to dealing with the heightened risk of a potential breach.
“Incident response and preparedness can play a key role in recovery from an incident such as a ransomware attack,” Pentest People’s Nicholson says. “By detailing and testing responses, organizations can better understand what their specific pain points are and fill any security gaps to reduce the risk.”