2020 saw a significant increase in the number ransomware attacks due to the expanded attack surface and vulnerabilities caused by the pandemic and distributed workforce. On top of that, in October 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory noting that companies can be fined if they make a ransomware payment. This leaves companies in a tough spot – especially smaller ones with limited means that may be facing an existential crisis when they get attacked by ransomware.
It’s understandable how companies can become generally frantic after getting hit with ransomware: They can’t access their data, they can’t operate their business and they don’t know what to do. The government tells them not to pay ransom but the insurance company, if they have cyber insurance, is saying to pay the attacker.