“All my files have been encrypted, should I pay the ransom?”

Online you will find lots of articles telling victims of ransomware never to pay, however in June 2019 the city government of Riviera Beach, Florida, paid a $600,000 ransom to get their data back. Why would a civil authority do that? The answer to that question comes from the fact that there is not a simple answer for every case. According to Cybersecurity Ventures ransomware was an $8 billion problem last year.

A typical example of the “Never Pay” argument can be seen in the article in Forbes Magazine in March 2018, the author points out that according to CyberEdge Group only 19% of ransomware victims who pay get their files back and of those who do not pay 86% were able to recover files on their own thanks to regular backups.

However, is it really that simple? There is another school of thought which simply says that the decision to pay or not to pay should be made just like any other economic or business decision. Whether you are an individual, a business, hospital, or even a city there are real costs to having your data, dead in the water for days. Getting people in to help decrypt files also takes time and money.

Against this there is an argument that the hackers may, even after being paid not decrypt your files, although data on this is varied. There are of course also many moral arguments including not rewarding or encouraging criminals, potentially funding other illicit activities etc., etc. and this should all be considered. But the damage that is being done as long as those files are locked up must not be forgotten.

The individuals, cities, even some Police Departments who have paid a ransom have done it through gritted teeth but have had to make a decision based on their analysis of their individual situations. How does the cost of the ransom compare to the cost of consultants to recover the data, the cost of not being able to access the data etc.

Those people who have access to back-ups etc. and are only a little inconvenienced can easily take the moral high ground, but hospitals with critically ill patients with no access to case histories are faced with a very different decision.

At the risk of stating the obvious, but the best outcome is to avoid being infected in the first place. Here are some tips to remember:

  • Security up to date? – Anti-virus protection these days is mainly focused at malware, so make sure that you have protection and that it is regularly updated
  • System updates – Keep your devices updated with the latest updates, a lot of them are there to protect recently discovered vulnerabilities
  • Regularly back-up your data – just because your files are stored in the cloud does not keep them safe, as soon as your device syncs the infected file, you are in trouble, but some cloud storage retains previous versions, e.g. OneDrive stores previous versions for 30 days
  • Don’t click – Avoid clicking on any attachments or links unless you are 100% sure of their origin and there is no other way to get the information

 

If you are infected

Disconnect – your machine from any others and frm external drives, if you are on a network, go offline, this is to stop the ransomware spreading to other devices

Great article – to read about your options and software recommendations, click here

 

Ransomware is a multi-billion-pound business which we all need to do our best to avoid. In the event of being infected the decision to pay or not to pay is not a simple one and victims need to consider all the above. And finally, keep reading about it, the attackers will keep innovating and keeping up to date is the best defense.