It’s probably one of the most stressful experiences you can have in front of a computer: after opening an innocent-looking email, a message appears informing you that your system has been hijacked. You frantically try to close the window or reboot the computer, but nothing works. You’ve become another victim of the ransomware epidemic.
But what should you do if this happens? It might be tempting to follow the instructions of your attackers, which often entail transferring certain quantities of Bitcoin to anonymous accounts. But should you pay ransomware attackers or not? As we’ll see, the answer isn’t exactly straightforward.
How do ransomware attacks work?
If you’re lucky enough to have avoided ransomware attacks, it probably helps to introduce what we’re talking about in a little more detail.
Basically, ransomware is a kind of malware. Just like trojans or spyware, it seeks to enter your local system via weak points and then springs into action immediately. The vector is generally email attachments, but fake websites and app downloads can also be used to spread ransomware. There are plenty of ways to become infected.
Some ransomware can penetrate deep into your operating system (as happened to Windows users during the Petya outbreak). Others rely on persuading users to take certain actions, also known as social engineering. Either way, when the agent gains administrative access to your files, there’s no easy way to root it out.
How to respond when you become a ransomware target
When ransomware takes root, you have a choice. Either pay the attackers or let the attack take its course and take the hit for having your system fumigated by the experts – or replace the computer entirely.
Let’s say you decide to pay. What are the odds of the attackers honoring their word and actually following up payment by unlocking your computer?
It probably doesn’t need to be mentioned, but there are no consumer protection laws governing the behavior of ransomware attackers, so whether they take mercy is down to their individual character. Sometimes they do, sometimes they don’t. There’s no guarantee.
For example, in a high-profile 2016 attack, Hollywood Presbyterian Medical Center responded by transferring $17,000 to their attackers. After ten days without access to their computer systems, they saw no other way out. And they got lucky. The attackers were as good as their word, removing the malware, and letting medics back in.
However, this isn’t a representative case. And one study shows the actual picture in shocking detail.
What researchers are finding about whether you should pay ransomware attackers
In 2018, IT security consultants CyberEdge Group carried out a survey of 1,200 security professionals – the kind of people who work with complex networks day in, day out. These people represent the front line in the battle against ransomware, so they are an excellent source of data if we want to know whether to pay ransomware attackers.
Firstly, the survey showed that the incidence of ransomware is very high, with 55% of respondents reporting an attack. Of that 55%, around 38% decided to pay off their attackers. And here’s the kicker: only half of those people actually recovered access to their files and systems.
In some cases, the attackers simply chose not to take any further action. In others, they supplied keys or antidotes which just didn’t work. The result was that companies and public organizations were left out of pocket and without access to their IT systems – the worst possible outcome.
Why you should think twice about paying ransomware attackers
However, before you turn off your computers and revert to pen and paper, it’s important to note that the CyberEdge survey contained some positive news. It turns out that the consequences of choosing not to pay ransomware demands aren’t necessarily as crippling as you might think.
Of those affected by ransomware who responded to the survey, 61% decided not to pay their attackers. In only 8% of cases did this result in companies losing data for good.
The majority of respondents found solutions to their ransomware problems, either by using data recovery systems, or tools to actively remove ransomware agents.
How can you deal with ransomware without paying off attackers?
The data reported by CyberEdge suggests that ransomware decryption tools are an effective countermeasure and that using them is preferable to paying attackers. This is good news for anyone who lies awake at night praying that their systems aren’t held to ransom.
Ransomware decryptors are available which can reverse the encryption used by criminals to control your systems. This includes tools from leading antivirus companies like Avast and Kaspersky, both of which offer free apps that are a good place to start.
Each ransomware agent has its own form of encryption. This means that decryption tools vary in effectiveness. You can’t be certain that any tool will be able to handle the strain you’ve been infected with. So check online at sites like ID Ransomware to identify the nature of the threat. Then use the appropriate decryptor to render it harmless.
Are there any instances where a pay-off is advisable?
While it’s important to stress that the vast majority of ransomware agents can be decrypted and rendered inactive, not all are simple to remove. If you’re unlucky enough to be infected by more complex threats, do-it-yourself decryption may not be an option.
In that case, you might choose to outsource decryption to specialist companies. This will almost certainly resolve the issue, but these services come at a cost. And here’s the thing: if the cost of decryption exceeds the ransom charged by attackers, is it sensible to pay ransomware instead?
This is a judgment call for you and your team. Most experts would say that decryption is still the way to go (remember the CyberEdge stats above). And there’s the moral hazard argument, too. Should you reward ransomware attackers and embolden their activities? Aren’t you just licensing them to go on to more and bigger attacks?
It’s not easy, but you’ll have to juggle those factors in your head or at team meetings.
Take action to immunize your systems against ransomware
However, let’s go back to the beginning before closing up. The best defense against ransomware is to create solid security systems and protocols which minimize the risk of infection. This cannot be stressed enough.
So, if you haven’t already done so, train your staff on how to handle email attachments. Patch your OS and update your virus and malware scanners. And install a good VPN to add another layer of protection.
Prevention is better than cure, as the doctors at Hollywood Presbyterian learned. But if your systems are infected, don’t panic. And don’t just pay. You may well have options to defuse the situation without giving criminals a cent.