Ransomware: To Pay or Not to Pay?

Season 3, Episode 6: Two seasoned cybersecurity professionals, Bryan Willett and Kris Lovejoy, shed light on the dilemma organizations face when hit by ransomware: Should they pay the ransom or not?

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

Ransomware: To Pay or Not to Pay? It’s an easy question, and we all have the same ideal answer, but how often does life throw us simplicity? Rarely.

This week on Adopting Zero Trust, we continue our conversation that looked at the role cyber insurance plays in organizations and drill into one of the most challenging topics associated with it: Ransomware. And, because this is a heavy subject, we brought in two heavy hitters from past episodes to share their perspectives, Kris Lovejoy and Brian Willett

TL;DR

• Paying ransomware ransoms is a complex decision that depends on various factors, such as the potential impact on the organization's services or employees.
• Having robust and tested backups is crucial in a ransomware situation, but organizations must be prepared for scenarios where ransomware affects backups.
• Cyber insurance can help mitigate the financial impact of ransomware attacks, but organizations should be cautious and consider all the potential outcomes.
• Avoiding ransomware attacks requires a proactive approach, which includes implementing hardening standards, good practices around vulnerability management, enforcing compliance on systems, and having good identity protection.
• AI holds promise in the cybersecurity sector, but its role in ransomware attacks is still in its infancy.