When a demand for your money or your data pops up on a critical system, you have only a short period of time to decide whether to respond to a ransomware attack.
Online extortion is on the increase, as criminals use a variety of attack vectors, including exploit kits, malicious files, and links in spam messages, to infect systems with ransomware. Once all the files have been encrypted, victims can either try to recover the files on their own or pay the ransom. While there have been some exceptions, victims are seldom able to break the encryption and restore access. More often, successful circumvention of a ransomware attack involves wiping the affected systems and promptly restoring everything from clean backups.
Whether or not an organization should pay the ransom is not a security decision -- it's a business decision. Paying encourages criminals to attack again. Not paying means lost revenue while waiting for IT to recover the files. This isn't an easy choice, but read on for reasons not to pay the ransom.
1. You become a bigger target
As the saying goes: Do not feed the trolls -- otherwise, they'll keep making provocative statements to get a reaction. Ransomware is a little like that; paying the ransom simply encourages the attackers. Criminals talk; they will tell others who paid the ransom and who didn't. Once a victim is identified as one who pays up, there's nothing stopping others from jockeying for a piece of the ransom pie.
Another danger looms: The same attackers can come back. Since you paid once, why not again?
2. You can't trust criminals
Relying on criminals to keep their word is a risky endeavor. It seems like a simple exchange -- money for a decryption key -- but there's no way to tell whether the ransomware gang can be trusted to hold up their half of the bargain. Many victims have paid the ransom and still failed to regain access to their files.
This cuts both ways: Why pay up if you don't expect to get your data back? Reputation matters, even in the criminal world.
The CryptoWall gang is well known for its excellent customer service, such as giving victims deadline extensions to gather the ransom, providing information on how to obtain bitcoins (the preferred method of payment), and promptly decrypting the files upon payment. Other malware families, such as TeslaCrypt, Reveton, and CTB-Locker, have less reliable reputations. Which can really be trusted? Paying to find out is not the best strategy.
3. Your next ransom will be higher
Extortionists typically don't ask for exorbitant amounts; the average ransom ranges between $300 and $1,000. But as more organizations succumb, criminals feel confident enough to raise prices. It's hard to put a market price on data when the victims really, really need to get their files back.