GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

By Zac Amos

Well-placed malware can cause crippling losses – especially for small and mid-sized businesses.


Not only do cyberattacks cost SMBs money, but the damage to a brand’s reputation can also hurt growth and trigger the loss of current customers.

One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries. Attacks that drew public scrutiny included:

• Ultimate Kronos Group got sued after a ransomware attack disrupted its Kronos Private Cloud payment systems, relied upon by huge corporations such as Tesla, MGM Resorts and hospitals. That ransomware attack shut down payroll and human resources systems.

• The Ward Hadaway law firm lost sensitive client data to ransomware purveyors who demanded $6 million, or else they’d publish the data from the firm’s high-profile clients online.

• The Costa Rican government declared a national emergency after attackers crippled government systems and demanded $20 million to restore them to normal.

• The Glenn County Office of Education in California suffered an attack limiting access to its own network. They paid $400,000 to regain access to accounts and protect prior and current students and teachers, whose Social Security numbers were in the data.

These are just a handful of examples of ransomware attacks in the last year. Some victims paid the ransom while others restored their systems without payment. Those that paid the blackmailers came to the conclusion that restoring revenue-generating operations, by rewarding criminals, was their best option.

Why not to pay

However, the U.S. Department of the Treasury warns against paying ransoms, citing the 37% annual increase in reported cases and 147% increase in costs. Paying doesn’t guarantee your business won’t be hacked again. It also spurs on the cybercriminals, showing them such attacks are profitable.

The U.S. Treasury says paying ransomware ransoms just encourages hackers to come up with bigger and bolder demands over time.

So why would a business pay out money instead of cleaning up the mess and securing its systems? Some reasons include:

• Lack of resources to clean up the hacked files.

• Loss of money from downtime exceeds the ransom.

• To prevent damaging information from becoming public.

Many business owners are also embarrassed they allowed criminals into their systems. They worry it makes them look careless and they want to cover the situation up by whatever means necessary.

Disincentivizing payment

What are some key ways of discouraging businesses from paying ransoms? Teach them to keep a full backup of all data. It’s much easier to restore lost information if the brand has a copy of it.

A plan of action is vital in the case of any hack. Taking steps to lock down information fast minimizes damage. Send out immediate notices to customers, ask them to reset their passwords, and inform them their data may be exposed on the dark web.

Report any hacking attempts or ransomware demands to the FBI or the authority in the business’s location.

Paying ransom to hackers only encourages them to attack other business owners, governments, and educational institutions. It’s best to stay away from paying out any funds in cryptocurrency or otherwise. Lean toward spending money on cleanup and restoration rather than a payoff.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.
