Should you ever pay up to ransomware criminals?


Ransomware is becoming an increasingly popular tool for criminals. Earlier this year, Lincolnshire County Council became one of the highest profile victims of an attack that left local authority computers encrypted and whole systems shut down.

In the US, the Hollywood Presbyterian Medical Center was hit with a cyber-attack, resulting in an internal emergency as staff were unable to access patient files. According to a doctor at the hospital, the system was infected with ransomware. As a result of the attack, staff were not able to access data such as X-rays, patient information and lab work. Some have said the ransom in this case may be up to $3.6 million (around £2.5 million, AU$5 million).

According to IT security company Radware's annual report on cybersecurity, 25% of firms surveyed said they had been the victim of ransomware.

Growing trend

"It's a trend that's grown year-on-year (up from 16% last year) and that's likely to continue as professional groups become more organised and use Bitcoin," says Adrian Crawley, regional director for Northern EMEA at Radware.

As most security experts will tell you, the defence against such attacks is to keep a current backup of any important data, stored offline or otherwise out of reach of the infected machine, since ransomware will also encrypt any backup it can write to. If the worst should happen, a quick restore will undo most of the damage. But of course, backups are not always kept, and in some cases files remain encrypted and the criminals have the upper hand.

"Last year Proton Mail, a small Swiss company, had to call in Radware to help it shore up its defences when the attack it was experiencing from The Armada Collective became significantly worse after it paid a ransom," says Crawley. "Once hackers know they have your attention then there's no going back."

This raises the question: should we ever pay criminals a ransom to get data back? According to Chris Boyd, malware intelligence analyst at Malwarebytes, paying up is not a good idea.

"All too often, people say they're going to start backing up their files after they've already lost them," he says. "It's too late by that point, and the malware authors are under no obligation to hand over a key to unlock the data once the ransom has been paid."

He adds that broken decryption methods and buggy malware files muddy the waters further, and that in general, by paying the ransom, victims encourage the attackers to continue foisting their ransomware on other hapless folks.

"We need to de-incentivise them from making their malware, and the best way to do this is cut off their revenue stream," says Boyd.

No guarantees

Nigel Hawthorn, chief European spokesperson at Skyhigh Networks, says that any company considering paying even a single pound or dollar to blackmailing hackers needs to have a serious think about its actions.

Hawthorn notes: "There's no guarantee that hackers won't continue to deny access to systems, hit them with DDoS or release valuable data. It's fair to say that if someone is willing to blackmail you, they're probably not going to keep to their side of any 'deal'."

Sian John, chief security strategist for EMEA at Norton by Symantec, says that if crime pays, hackers have the financial resources to find new ways to infect your devices. "This will give them the opportunity to target more people for larger amounts of money in the future," she says.

John adds that instead of negotiating with the hackers holding your files hostage, you can clean up an infected home computer using a tool like Norton Power Eraser, which is freely available online.