To pay or not to pay - that's the question as ransomware attacks rise

The cyber threat continues to evolve and increase, and ransomware attacks are becoming particularly prevalent
The cyber threat continues to evolve and increase, and ransomware attacks are becoming particularly prevalent

THERE is rarely a day that goes by when there isn’t a major local, national or international story about a well know organisation being hit by a cyber attack that has huge potential to disrupt the business and damage their brand.

In the past few weeks alone we’ve seen Eurovision fans in a panic after announced some of its hotel partners had been targeted by phishing scams; high street retailers WH Smith and JD Sports revealing that employee and customer data had been accessed by hackers; and perhaps most notably Royal Mail being hit with a huge ransomware demand by predominantly Russian speaking crime groups which had blocked access to critical files and stolen huge amounts of sensitive data.

It's clear that the cyber threat continues to evolve and increase, and ransomware attacks are becoming particularly prevalent, with increased targeting of business and industry in Europe and the UK, often by ransomware groups influenced by geopolitical factors such as the Ukraine war.

But it’s not just the number of attacks increasing, we are now seeing is the criminal marketplace in cyber-crime continuing to mature and develop, much the same way a legitimate industry might. The deployment of access brokers and affiliate business models means this is a complex threat that cannot be easily defeated or disrupted.

For businesses and large public sector organisations the focus needs to be on how to protect themselves, prepare and have a plan in place to respond to an inevitable attack. This applies equally to businesses Northern Ireland as in any other location around the world.

Baseline protections of ISO governance, basic cyber essential certification or installation of firewalls and anti-virus protection are useful and beneficial but given that an attack of any scale will lead to a business crisis, it’s now important to go beyond that, with effective network monitoring and alerting, cyber incident response planning and exercises involving people at Board and executive level to make sure you are prepared to deal with all eventualities.

The response to a cyber attack is a complex area. Law enforcement and statutory agencies such as the National Cyber Security Centre (NCSC) have a part to play, but now regulators, data protection authorities, government sanctions (OFAC and OFSI) coupled with mandated reporting and client notification means it is a confusing landscape that leads to a lot of questions.

How do we identify how the attacker got into our network; what did they do; what data have they taken; are they still in our systems and networks ready to strike again; and perhaps most importantly, shall we negotiate? Negotiation could be the most appropriate and cost-effective strategy but does that mean you have to pay, can you reduce the ransom amount, and if you can, should you pay?

It’s generally accepted that many companies do decide to pay to successfully mitigate the impact of the attack, but taking this route requires careful consideration, coordination, and management. Such incidents aren’t purely technical issues that IT teams and providers need to resolve, they are a board crisis that require a range of technical, communications, PR, mitigation, intelligence, negotiators, legal and sometimes payment platforms to resolve an attack.

Of course, there’s no guarantee that paying a ransom will undo the damage and some choose not to pay because they believe it will give attackers an incentive to issue more demands. If companies choose not to pay, they have to consider not only the ransom but the costs to repair the financial, reputational and legal damage of an attack.

The national Cyber UK event arrives in Belfast on April 19/20, showcasing some of the top internationally recognised and respected leaders in cyber security. We it hope will also be an opportunity for local businesses exposed to these threats to develop awareness and hear about best practice.

From their perspective, the future is worrying. With more ransomware groups, the increase of the affiliate business model or ‘franchised’ criminal groups, new tactics, and methods, reducing cyber security budgets and increasing legislation and regulation the ability of business to navigate this threat and the response is becoming even more challenging.

Unfortunately, I think ‘to pay or not to pay’ will be a dilemma facing more and more of our local businesses in the not too distant future.

:: Nihon Cyber is hosting a free event on April 19 on the topic of To Pay or Not to Pay a ransom demand, with experts examining and debating the pros and cons. More details are available at

:: Dougie Grant is managing director of Nihon Cyber Defence