Mike Tyson used to say, “Everyone has a plan until they get punched in the face.” It’s much the same with ransomware attacks: No matter how much you insist that you’d never pay a ransom, your plans go out the window the first time you see all your organization’s computers showing that “You’ve been hacked” screen.
The truth is that organizations are increasingly paying ransoms to recover their data. In fact, 70% of businesses hit by ransomware attacks wind up forking over thousands of dollars to their attackers. Even local governments have paid ransoms to regain access to vital services. No matter how much we tell one another that we’d do things differently, the reality is that when your data disappears and you start losing clients or missing deadlines, you’ll pay virtually any price to put things right.
Rather than virtue-signaling with a blanket “We never pay” statement, organizations need to be realistic about the specific circumstances in which they’d pay a ransom. If you’re a hospital and people will die if you don’t get your computers back online STAT — yes, it’s better to pay up. If you’re in a less critical field, and it’s just a question of waiting around while your backups come online, maybe you can ride it out without paying.
But either way, it’s important to be honest — with yourself, your C-suite, your directors, and other stakeholders — about how you’d respond to a successful ransomware attack. When you’re clear and pragmatic about the circumstances in which you’d pay a ransom, you can make more meaningful plans. That starts with including the cost of ransom payments — and of the fines you’ll have to pay if you give cash to cybercriminals — in your IT budget. Your CEO might not enjoy budgeting for Bitcoin transfers to hackers, but it’s better to plan ahead than to be blindsided by unanticipated costs.