E-Sports Entertainment Association (ESEA), a business that hosts competitive video game tournaments, said hackers released stolen personal data about its users after it refused to pay a $100,000 ransom in late December, Fortune reports.
LeakedSource, a group that monitors stolen databases, confirmed the data of approximately 1.5 million ESEA users were compromised.
Meanwhile, Los Angeles Valley College (LAVC), a community college in the Los Angeles area, also announced it was recently hit with a ransomware attack. But unlike ESEA, LAVC decided to pay the ransom in order to recover their data, according to media reports.
Both organizations indicated they contacted cybersecurity experts and law enforcement prior to responding to the hackers. The two cases and varying responses illustrate the importance of ensuring companies are provided clear guidance on how to deal with such situations.
The FBI has repeatedly advised companies not to pay ransoms as it only encourages hackers and does not guarantee they will decrypt the data or that they won’t use the data elsewhere. But, as evidenced by the ESEA case, that doesn't always go so well for companies.
Ransomware is growing fast, with payments expected to reach $1 billion in 2016. That’s up from $24 million in 2015. Until a better solution comes along, regular data backups remain the best way to protect an organization from ransomware.