Cybersecurity
Nov. 9, 2022
Ransomware — To Pay or Not to Pay the Ransom?

Do you have to pay a ransom to get your files back? What the experts say

Ransomware remains one of the most profitable threats for cybercriminals. If your company falls victim to an attack, should you pay the ransom? Security experts have a clear answer.

Resource · Keptos

Ransomware: A Threat That Won't Go Away

Ransomware is a type of malware that encrypts your company's files and demands payment in cryptocurrency in exchange for the key to decrypt them. In recent years, attacks have affected hospitals, municipalities, pharmaceutical companies, and subsidiaries of multinational corporations in Mexico and Latin America.

To Pay or Not to Pay? The Experts' Recommendation

The unanimous response from cybersecurity agencies and industry experts is: DO NOT pay the ransom. The reasons are compelling:

  • It does not guarantee that you will recover your files: only 65% of victims who pay manage to recover all their data.
  • You are funding cybercriminals: your payment finances future attacks against other organizations.
  • You become a recurring target: organizations that pay are attacked again in less than 6 months.
  • It may be illegal: in some countries, paying ransoms to sanctioned groups can have legal consequences.

What should you do if you are hit by a ransomware attack?

  1. Immediately disconnect the affected devices from the corporate network.
  2. Don't shut down the servers: forensic analysts can sometimes recover encryption keys from memory (RAM), and that evidence is lost on power-off.
  3. Contact your IT security provider or the authorities (CERT-MX in Mexico).
  4. Check your backups: if you have recent, isolated backups, recovery is possible without paying.
  5. Document everything: preserve evidence for forensic analysis and potential insurance claims.

The best defense: prevention and backups

  • Automatic backups using the 3-2-1 rule (3 copies, 2 different media, 1 offsite copy)
  • Network segmentation to limit the spread
  • Security patches kept up to date on all endpoints
  • Ongoing employee training to detect phishing
  • EDR solutions with automated response capabilities
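The "check your backups" step above and the 3-2-1 rule are easy to state and easy to get wrong in practice: an inventory can satisfy 3 copies, 2 media and 1 offsite copy and still leave you with no copy that is both recent and out of the attacker's reach. The following is an added example, not code from the original guide or from Keptos, that audits a constructed backup inventory against the 3-2-1 rule plus the two properties that actually matter during recovery: at least one copy is isolated (offline, air-gapped or immutable, so it cannot be encrypted alongside production), and that isolated copy is recent enough to restore from. The class, function and sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    """One backup copy in the inventory (hypothetical structure for this example)."""
    name: str
    medium: str             # storage medium, e.g. "disk", "tape", "object-storage"
    offsite: bool           # stored at a different physical site
    isolated: bool          # offline / air-gapped / immutable: not writable from the production network
    last_success: datetime  # timestamp of the last verified successful backup run


def audit_backups(copies, now, max_age=timedelta(hours=24)):
    """Evaluate an inventory against the 3-2-1 rule plus isolation and recency.

    Returns a dict mapping each rule to True (met) or False (not met).
    A copy that production credentials can overwrite is NOT counted as isolated,
    because ransomware that reaches production can encrypt or delete it too.
    """
    fresh = [c for c in copies if now - c.last_success <= max_age]
    return {
        "three_copies": len(copies) >= 3,                         # 3 copies of the data
        "two_media": len({c.medium for c in copies}) >= 2,        # on 2 different media
        "one_offsite": any(c.offsite for c in copies),            # 1 copy offsite
        "one_isolated": any(c.isolated for c in copies),          # 1 copy the attacker cannot reach
        "recent_isolated": any(c.isolated for c in fresh),        # ... and that copy is recent
    }


def failed_rules(report):
    """List the rules that are not met, in the order audit_backups reports them."""
    return [rule for rule, ok in report.items() if not ok]


# Constructed sample inventory: passes the literal 3-2-1 rule, but the only
# isolated copy (weekly tape) is five days old, so a restore would lose data.
NOW = datetime(2022, 11, 9, 12, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    BackupCopy("nas-nightly", "disk", offsite=False, isolated=False,
               last_success=NOW - timedelta(hours=6)),
    BackupCopy("cloud-bucket", "object-storage", offsite=True, isolated=False,
               last_success=NOW - timedelta(hours=8)),
    BackupCopy("tape-weekly", "tape", offsite=True, isolated=True,
               last_success=NOW - timedelta(days=5)),
]


if __name__ == "__main__":
    report = audit_backups(SAMPLE_INVENTORY, NOW)
    for rule, ok in report.items():
        print(f"{rule:16} {'OK' if ok else 'FAIL'}")
    print("unmet:", failed_rules(report))   # prints: unmet: ['recent_isolated']
```

The sample deliberately shows the common gap: the two recent copies sit on storage the production network can write to, and the one copy ransomware cannot touch is stale. Shortening the backup interval of the isolated copy, or making the cloud copy immutable (object lock or equivalent) so it counts as isolated, clears the failure.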

Is your company ready?

At Keptos we offer cybersecurity audits that assess your level of exposure to ransomware and design incident response plans tailored to your industry.

Do you need specific help with this topic?

30 minutes with one of our directors. No sales pitch—straight to the point.
