Ransomware attacks are on the rise. Here are four good reasons why you shouldn’t pay to get your data back — and one reason why people do
By Fahmida Y. Rashid
InfoWorld | Mar 14, 2016
When a demand for your money or your data pops up on a critical system, you have only a short period of time to decide whether to respond to a ransomware attack.
Online extortion is on the increase, as criminals use a variety of attack vectors, including exploit kits, malicious files, and links in spam messages, to infect systems with ransomware. Once all the files have been encrypted, victims can either try to recover the files on their own or pay the ransom. While there have been some exceptions, victims are seldom able to break the encryption and restore access. More often, successful circumvention of a ransomware attack involves wiping the affected systems and promptly restoring everything from clean backups.
Whether or not an organization should pay the ransom is not a security decision — it’s a business decision. Paying encourages criminals to attack again. Not paying means lost revenue while waiting for IT to recover the files. This isn’t an easy choice, but read on for reasons not to pay the ransom.
1. You become a bigger target
As the saying goes: Do not feed the trolls — otherwise, they’ll keep making provocative statements to get a reaction. Ransomware is a little like that; paying the ransom simply encourages the attackers. Criminals talk; they will tell others who paid the ransom and who didn’t. Once a victim is known for paying up, there’s nothing stopping others from jockeying for a piece of the ransom pie.
Another danger looms: The same attackers can come back. Since you paid once, why not again?
2. You can’t trust criminals
Relying on criminals to keep their word is a risky endeavor. It seems like a simple exchange — money for a decryption key — but there’s no way to tell whether the ransomware gang can be trusted to hold up their half of the bargain. Many victims have paid the ransom and still failed to regain access to their files.
This cuts both ways: Why pay up if you don’t expect to get your data back? Reputation matters, even in the criminal world.
3. Your next ransom will be higher
Extortionists typically don’t ask for exorbitant amounts; the average ransom ranges from $300 to $1,000. But as more organizations succumb, criminals feel confident enough to raise prices. It’s hard to put a market price on data if the victims really, really need to get their files back.
It’s simple economics. The seller sets prices based on what the buyer is willing to pay. If victims refuse to pay, attackers have no rationale to raise the ransom amounts.
4. You encourage the criminals
Take the long-term view. Paying ransom restores the data for the organization, but that money will undoubtedly fund additional criminal activity. Attackers have more money to spend on developing more advanced versions of ransomware and more sophisticated delivery mechanisms. Many cyber crime gangs operate like legitimate companies, with multiple revenue streams and different product lines. The money from ransomware schemes can be used to fund other attack campaigns.
Paying the ransom feeds the problem.
One reason to pay
Each of the above arguments is perfectly valid. But there’s a compelling reason why many wind up paying: They need their files back. They don’t have a choice.
Many victims may also decide to pay out of fear that if they don’t, the attacker will cause more damage in retaliation.
Organizations that opt to pay are not alone. In a recent BitDefender study, half of the ransomware victims said they paid, and two-fifths of the respondents said they would pay if they were ever in that situation. Industry estimates suggest the CryptoWall gang has extorted victims out of more than $325 million since June 2014.
An ounce of prevention …
It can’t be stressed enough that persistent backups make it possible for organizations to recover from a ransomware infection without having to pay the criminals. A good backup strategy covers Linux, Mac OS X, and Windows systems. This is not a Windows-only problem, as ransomware has been found for all three operating systems. Mobile devices aren’t immune, either. Think holistically across all platforms.
A pound of cure
Not paying the ransom is the better decision, but organizations should not be shamed for giving in to attackers’ demands. It’s a complicated question, and each organization should make the call most appropriate for its situation. But once paid, take precautions so that if another ransomware infection strikes, not paying at all becomes an easier choice to make.
Prevention pays off.