Here’s what can go wrong when you pay off your attackers

Companies often say they won’t pay a ransom, no matter what. But the truth is, many often do.

Even an FBI official recently urged companies to pay up rather than going through the hassle of trying to find a solution before it’s too late.

But there are always those who say that it’s better not to pay up for a variety of reasons. Now there’s a company which is sharing its own experiences with what can happen when paying off the attackers doesn’t go as planned.

Continuous DDoS

Starting on Nov. 3, ProtonMail, an encrypted email service, was hit by a Distributed Denial of Service (DDoS) attack. On the advice of “third parties,” ProtonMail paid a Bitcoin ransom.

But that didn’t stop the attacks. In fact, the service remained under a giant DDoS attack at more than 100 Gbps for the following week. Only yesterday was it finally under control.

And while the few thousand dollars it paid in ransom was by no means the worst of the fallout – the company is saying it will cost at least $100,000 to implement solutions that prevent future attacks of this size and scope – it highlights a risk of paying off ransomware operators and other attackers: There’s no guarantee you’ll get what you pay for or that it will be the end of the ransom demands.

To give in or not?

Of course it would be foolish to tell IT pros not to pay under any circumstances. Only those who are in this situation will know what’s best for their organization.

For its part, ProtonMail is saying it will never pay another ransom demand again. But that’s their decision, and won’t necessarily be yours.

The important thing: Plan ahead. Decide before the clock starts ticking whether paying can be an option for your organization. While plans may have to change, having your limits worked out in advance is crucial so you’re not caught totally off-guard.
