From securityboulevard.com
ncreasingly, when ransomware successfully infiltrates and encrypts a large company’s data, they pay the ransom, which comes as a surprise to many. For instance, when Colonial Pipeline was hit by a ransomware attack in 2021 and shut down operations, the company paid a $4.4 million ransom to recover its business systems. It’s unthinkable that a company of that size responsible for such critical infrastructure wouldn’t have backups in place. Why not just recover their data from the backups the company almost certainly had?
According to a report in the Wall Street Journal, Colonial’s CEO said the company decided to pay the ransom because they were unsure how badly their systems had been breached and didn’t know how long it would take to bring them back. The issue, ultimately, was that of time to recovery. Colonial decided it would be less expensive to pay the ransom to gain the decryption key than it would have been to wait until they could fully recover from their backup files—even though they knew it would take weeks to fully decrypt the affected data.