Ransomware: Should you just pay up?

November 9th, 2015
Many companies are faced with the decision of paying an attacker when their data is held up for ransom, however JORNT VAN DER WIEL believes that companies should not pay the ransom, as if they don’t, there is no business model for the hacker.

The problem with ransomware (a malicious software used to block/encrypt access to a computer/device until a ransom is paid) is that it doesn’t seem to be getting any better. In fact, recent examples of wide-spread ransomware attacks, like CoinVault and CryptoLocker, indicate that cybercriminals are increasingly using these types of attacks.

At a recent Cyber Security Summit in Boston, the FBI advised companies that fall victim to hacks involving ransomware to pay the ransom. They were quoted “To be honest, we often advise people just to pay the ransom”.

Many companies face ransomware attacks and ask themselves: to pay or not to pay? In the security industry, however, we believe that paying criminals does not make the ransomware problem go away and should not be encouraged. If you pay, you keep the criminal business model rolling. If you don’t, there is no business model for them anymore.

Moreover, paying up will not guarantee that your files will be retrieved. Instead, think about securing your system, in advance. Today, ransomware is a very popular way of earning money for criminals, and the risk of infection is high. This is why it is essential (both for corporate and individual users) to make backups; to keep antivirus software updated; not to open any suspicious links or attachments; and be careful of the social engineering techniques used by criminals, to infect your files.

If your files are being held at ransom, first check to see if decryption keys are available – as often they are, which means that it may be possible to get your files back, at no cost.  In fact, Kaspersky Lab recently collaborated with the Dutch police on the CoinVault ransomware attacks, and the result was amazing – it led to the extraction decryption keys and the development of a decryption tool to help victims retrieve their files without paying any ransom. The Dutch police even caught the suspects, so there is always a hope that criminals will be caught and you’ll get your files for free.

So for us, the best possible solution is prevention. While today’s threats are becoming more sophisticated, we have found that too many users – both on the corporate and consumer side – could improve their cybersecurity practices to ensure they don’t fall victim to such attacks. It is important to choose the most effective protection available and ensure that this solution is updated regularly for the devices you use to be fully protected from such attacks. A good practice is also backing up files regularly and ensuring that you are aware of the types of ransomware attacks taking place.

If, however, you or your organisation does become a victim of ransomware, we urge you to first check this out and seek professional advice – certainly don’t pay the criminals.

* Jornt van der Wiel, Security Researcher at Kaspersky Lab’s Global Research and Analysis Team

Leave a Reply

Your email address will not be published. Required fields are marked *

7 + 8 =