The telemarketing firm The Heritage Company has become the latest ransomware victim to shut down, at least temporarily, its operations even after making a ransom payment to its attackers.
Company CEO Sandra Franecke broke the news in a letter to her 300 employees that the 61-year-old firm would suspend activities. Each was told to call the office number on January 2 for an update on whether or not to report for work, reported KATV.
In a copy of the letter obtained by KATV, Franecke said the ransomware attack occurred two months ago and she opted to pay the ransom. A decryption key was received but the IT staff has been unable to bring the systems back online.
“What we hope is just a temporary setback is an opportunity for IT to continue their work to bring our systems back and for leadership to restructure different areas in the company in an attempt to recoup our losses which have been hundreds of thousands of dollars,” she wrote.
Paying a ransom and not receiving an effective decryptor key is one of the primary reasons why law enforcement and cybersecurity pros warn against giving in to a ransomware attacker’s demands. While some cybercriminals do release files, others either don’t have the correct key or simply have permanently encrypted or wiped the data.
The other side of the argument is more pragmatic believing that sometimes a business must do what is necessary to stay in business.
Chris Bates, vice president of security strategy at SentinelOne, says there is only one truly correct answer to the problem. Take a proactive approach and update legacy defense systems susceptible to sophisticated attacks, in addition to allocating additional resources to security team staffing, training and support because the odds of regaining access to your data is not in the victim’s favor.