There is still much being written and conjectured about ransomware this week, including response and preparedness. Paying or not paying continues to garner much attention. Here are a few of the notable musings.
To Pay or Not to Pay. In Don’t Pay the Ransom – Easier Said than Done (August 20, 2020), WaterISAC shared that when ransomware strikes a company, it’s easy for pundits to say, “don’t pay the ransom.” But in reality, that is not always a practical business choice. Nearly a year later, those sentiments are still true, as several recent high-profile attacks have demonstrated. Mimecast reviews five reasons why organizations pay and five reasons why they shouldn’t. Ultimately it’s best to pay (invest) to secure now, than it is to pay (extortion demands and then some) more to recover later. Check out Mimecast for more.
Would it Make a Difference if Ransomware Payments were Banned? A recent survey of security management and executives found that 44% of firms would consider paying at least 10% of yearly revenue to resolve a ransom, while 20% of firms are willing to pay 20% of their revenue or more. Likewise, while the report revealed that 40% of organizations believed they would decline paying a ransom, this may actually be less in practice, as companies tend to overestimate their abilities to defend against ransomware. The survey was conducted by Neustar International Security Council and Harris Poll, and serves as another indication that the decision to pay or not isn't always cut-and-dried, despite conventional wisdom and guidance. According to Dave Burg, leader of EY Americas’ cybersecurity practice, the concern about banning the ransom payment is, if the government is not able to respond with extreme speed and scale to that particular situation, then the business has to make a decision: Do I go out of business or do I make the payment and stay in business? Read more about the survey findings and expert analysis at SC Magazine.
Ransomware Payments – “Necessary” Business Expense Deduction? Sans guidance from the IRS, multiple tax experts say there could be a “silver lining” for a ransomware payment, claiming it fits the definition of an ordinary and necessary expense. While that justification isn’t ‘wrong’ and it’s allowable to deduct losses from traditional crimes, such as robbery or embezzlement, this seems to just open Pandora’s Box even further on the “to pay or not to pay” quandary. What else could possibly make this situation worse? Read more at SecurityWeek.
Avaddon Decryptor Available. In last week’s WaterISAC Ransomware Roundup - June 15, 2021, we reported the group responsible for the Avaddon ransomware reportedly shut down and provided nearly 3000 decryption keys for their victims to BleepingComputer.com. Today, Bitdefender released an updated version of the Avaddon decryptor tool. If you have been a victim of Avaddon, check out Bitdefender for more.