What does the Cybersecurity and Infrastructure Security Agency (CISA) recommend for companies facing ransom demands?


The recommendation to refuse to pay ransom demands is rooted in the broader strategy of discouraging cybercriminal behavior. Paying a ransom can create a cycle of dependency and encourage further attacks, because it signals to attackers that ransom demands are an effective way to achieve their desired outcomes. CISA's guidance emphasizes maintaining a firm stance against such demands to deter future incidents and to protect victims from becoming repeat targets.

Moreover, refusing to pay aligns with best practices in cybersecurity and incident response. Organizations are encouraged to invest in resilience measures instead, such as improving security postures, implementing robust data backup solutions, and training employees to recognize and respond to potential threats. By not giving in to the demands, companies contribute to a collective effort to undermine the financial motivations behind ransomware attacks.

Other approaches, like immediate payment or consulting with legal professionals, might seem pragmatic in the short term but do not address the systemic issue of ransomware proliferation effectively. Consulting NIST 800-53 is beneficial for establishing security controls but does not directly address the specific situation of ransom negotiations. Thus, the focus on refusal to pay underlines a proactive, long-term strategy against cyber threats.
