The telemarketing firm The Heritage Company has become the
latest ransomware victim to shut down, at least temporarily, its operations
even after making a ransom payment to its attackers.
Company CEO Sandra Franecke broke the news in a letter to her
300 employees that the 61-year-old firm would suspend activities. Each was told
to call the office number on January 2 for an update on whether or not to
report for work, reported KATV.
In a copy of the letter obtained by KATV, Franecke said the
ransomware attack occurred two months ago and she opted to pay the ransom. A
decryption key was received but the IT staff has been unable to bring the
systems back online.
“What we hope is just a temporary setback is an opportunity
for IT to continue their work to bring our systems back and for leadership to
restructure different areas in the company in an attempt to recoup our losses
which have been hundreds of thousands of dollars,” she wrote.
Paying a ransom and not receiving an effective decryptor key is one of the primary reasons why law enforcement and cybersecurity pros warn against giving in to a ransomware attacker’s demands. While some cybercriminals do release files, others either don’t have the correct key or simply have permanently encrypted or wiped the data.
The other side of the argument is more pragmatic believing
that sometimes a business must do what is necessary to stay in business.
vice president of security strategy at SentinelOne, says there is only one
truly correct answer to the problem. Take a proactive approach and update
legacy defense systems susceptible to sophisticated attacks, in addition to
allocating additional resources to security team staffing, training and support
because the odds of regaining access to your data is not in the victim’s favor.