Companies whose systems have been compromised by the WannaCry cyber attack may be contemplating paying the $300 ransom (approximately ₹19,200) rather than spending on hiring a security expert, according to industry sources.
With the first deadline to pony up the ransom ending within 72 hours of the victim learning of the attack, time is running out and corporates would rather have their systems unlocked as soon as possible, they said.
“In our assessment, many commercial enterprises are likely to pay the ransom,” a consultant working with Indian companies that have been attacked said. “The pricing of the ransom is competitive; it is intended to induce the behaviour by customers to pay the ransom. For these companies, the cost of hiring a security expert to back up data could be significantly higher, even prohibitive. I think this is also the strategy of the hackers at keeping the ransom at just $300.”
Another consultant, on conditions of anonymity, said, “We’ve had a few clients asking how they can prove that they’ve made the payment, if it is possible to claim this under cyber security insurance.”
However, a consultant which works with several of the Nifty50 companies said that there are other considerations as well. “Many large companies have stated policies against negotiating with fraudsters. Also, you cannot be sure that even if you make the payment, you will get regain access to your data.
Key challenge“The key challenge is the deadline. Many companies are trying to estimate if they have adequate data back-ups. Others want to check if they can operate with slightly dated data, and then reconstruct their current position,” he added.
The only fact that consultants across the board agree on is that the scale of under-reporting in India is huge. “Everybody is shy of the PR damage that can arise from going public on the attack. And the costs of losing business can be much more significant.”