David Balaban

Attacked by Ransomware? Here’s Why You Shouldn’t Pay Up

If you have fallen victim to ransomware and there is no data backup, you aren’t very likely to get your files back unless you pay. In most cases, the only choice you can make is to pay with your money or with your data – that’s it. Obviously, neither option is suitable.
Cybercrooks are clever enough to demand affordable ransoms. Their “pricing” criteria include the victims’ country of residence, the size of the affected business, and the like. For victims living in prosperous countries, $500 to $1000 is a typical cost range for redeeming all personal photos, videos, tax documents, work files, etc. This amount appears even more acceptable to companies that want to resume normal operations without losing valuable records and customers. Lots of individuals and organizations pick what seems to be the lesser of two evils and actually pay those ransoms.
This is the fundamental problem, though. The victims who succumb to the extortion end up fueling the ransomware economy and unwittingly cause a domino effect. Ultimately, the most impactful method to stop the epidemic in its tracks is to refrain from submitting the ransoms and thereby make this filthy business unprofitable.
Scenarios where lives depend on data are rare but probably possible, and yet in most cases the infected users can get over the predicament without coughing up the ransom. Non-payment is only half the battle, though. We should additionally spread the word about it to incite public discussion regarding the pitfalls of funding cybercrime this way.
Email providers have set a good example of how to deal with electronic extortion. In contrast to the classic ransomware raid through unauthorized data encryption, these companies are mostly targeted by DDoS attacks that knock their IT infrastructure offline. The adversaries then demand money for discontinuing the incursion. A number of popular email services, including ProtonMail, Hushmail, and Runbox, fell victim to such onslaughts in 2015 but refused to pay the ransoms. As a result, attacks of that kind hardly ever occur these days.
One more thing to keep in mind is that users and businesses need to be proactive in terms of reducing the possible damage. If some data is really important, it should be backed up. Laziness is a lame excuse for failing to do so. It’s your responsibility to safeguard critical elements of your digital life, so be sure to back up the most valuable information.
Cybercrime is evolving and so is digital extortion. The newsmaking WannaCry and NotPetya ransomware outbreaks disrupted numerous industries around the world, including components of critical infrastructure. The computer network of San Francisco’s Municipal Transportation Agency was badly affected by a ransom Trojan several years ago. Obviously, the perpetrators are becoming more ambitious. Security analysts predict ransomware attacks targeting medical devices and growth of onslaughts against the Internet of Things, including wearable gadgets and smart home appliances. These connected entities are notoriously insecure.
The ransoms paid to the felons today can be used to orchestrate more sophisticated extortion campaigns tomorrow.
To top it off, with the ill-gotten money in their digital wallets, criminals can take their activities beyond extortion. Terrorism financing is merely one of the likely outcomes.
It’s noteworthy that in some countries paying ransoms can be categorized as an act of funding criminals.
Although the ransomware plague has been going through ups and downs over the past few years, it continues to be a major issue – obviously, because lots of victims pay up.
However, you never even know whether you will get your data back after sending the ransom. There are plenty of stories with a “happy ending” on the Internet, but it turns out that many of them are fake and were posted by the crooks themselves to encourage users into paying.
Furthermore, many companies are reluctant to admit publicly that they were hit and coerced to submit ransoms.
In case you agree to pay, bear in mind that things may not go as smoothly as you expect. Even if the black hats follow through on their promise and actually provide the decryption key, you may run into recovery problems such as software glitches due to flaws in the ransomware code. In the aftermath of this, you run the risk of losing both the money and the data.
Here’s some extra food for thought: if you pay the ransom, the crooks will think you are a juicy target and may try to attack you again. Not only may they re-infect your computer via a backdoor dropped in your system, but they are also likely to ask for another payment after you have made the first one. Given that covert malware injected during the original attack can be leveraged as a launchpad for future contamination, it might be a good idea to wipe your drive or rebuild the enterprise network after you restore all the encrypted files.
Sending the ransom can be a hasty decision. Do your homework and search online for information regarding the strain you have encountered. Quite a few ransomware families have been cracked by researchers and can be decrypted for free. Examples include GandCrab, HiddenTear, CryptXXX, and CrySiS.
You can also browse ransomware forums on the Internet for updates on possible recovery breakthroughs. Some of these free decryption tools take advantage of cryptographic imperfections in crude ransomware variants. In some cases, though, the extortionists release the private keys themselves out of compassion for the victims or because they quit the dirty business.
Instead of paying the ransom right away, be sure to try all known methods of recovery first. Even if there is no free decryptor available at the moment, don’t rush into paying. Numerous experts are busy looking for loopholes in the way different ransomware versions implement crypto. Take your time and stay on top of the issue – perhaps the solution is on its way. And, most importantly, back up your information from now on.
By the way, some ransomware pests display a scary countdown saying how much time you have left before the size of the ransom increases. A useful tip is to get into the BIOS and set the current time back. Doing so will give you some more time to look for recovery options.
I want to finish my article with several tips on how to avoid ransomware infections:
1) Block JS files received by email from being opened.
2) Block the opening of email attachments that arrive as archives or executables.
3) Regularly install all Windows security updates.
4) It is also worth updating all programs you use most often.
5) Install antivirus software and keep it updated. Perform systematic full disk scans.
6) Avoid using accounts with administrator privileges.
7) Be careful with public Wi-Fi. Use a VPN.
8) Use reliable hosting providers for your websites.
9) Think twice before clicking any suspicious web links.
10) Use strong passwords everywhere. Do not reuse passwords.
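
Tips 1 and 2 can be enforced at the mail gateway instead of being left to each user. The following is an added example, not code from the original article: a Python filter built on the standard `email` module that flags script, executable and archive attachments. The extension lists, function names and sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; extend them to match local policy.
SCRIPT_EXT = {".js", ".jse", ".vbs", ".wsf", ".hta"}
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso"}


def classify(name, data):
    """Return why an attachment is blocked, or None to let it through."""
    lower = (name or "").lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in SCRIPT_EXT:
        return "script"
    # The MZ magic bytes catch a Windows executable renamed to, say, report.pdf.
    if ext in EXEC_EXT or data[:2] == b"MZ":
        return "executable"
    # Archives are matched by name only: .docx/.xlsx files share the ZIP magic.
    if ext in ARCHIVE_EXT:
        return "archive"
    return None


def blocked_attachments(raw):
    """Parse a raw message and return [(filename, reason)] for blocked parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        reason = classify(name, part.get_payload(decode=True) or b"")
        if reason:
            hits.append((name, reason))
    return hits


def build_sample():  # constructed message for the demo, not real mail
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    for name, data in [("invoice.pdf.js", b"WScript.Echo(1);"),
                       ("report.pdf", b"MZ\x90\x00" + b"\x00" * 60),
                       ("photos.zip", b"PK\x03\x04"), ("notes.txt", b"hello")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

The double extension `invoice.pdf.js` and the renamed executable `report.pdf` are the two cases a plain extension blocklist tends to miss.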
