Never pay ransoms. That’s the official advice from Europol when it comes to ransomware. They argue that making the payment helps support the cybercriminals’ business, and that there is in any case no guarantee that paying the ransom will get the data back.

Ransomware is a type of computer programme designed to extort money from users whose systems it infects. It first came to prominence around 2013, when the CryptoLocker ransomware was released into the wild. Victims are locked out of their systems, with a message promising that they can recover their data if they send money using Bitcoin or some other (difficult to trace) cryptocurrency. There is normally a deadline attached, beyond which the price is either increased or the data is deleted.

In May 2017, the WannaCry / WannaCrypt attack infected more than 230,000 computers. Major corporations, government networks, and private individuals were all affected. Often, the value of the data being held hostage by criminals far exceeded the ransom demand. No doubt many organisations discreetly paid off the criminals rather than face the reputational damage of admitting they were victims.

Does paying ransoms just make the problem worse? The latest high-profile attack involves ransomware known as “NotPetya”, and has affected computers primarily in Ukraine, Poland, and Russia (as well as others in Europe and across the globe). The actual ransom part of NotPetya has apparently collapsed after the criminals’ email account was closed down, leaving victims no way to confirm payment. Either the criminals were incompetent, or this may be an even more malicious cyberattack masquerading as ransomware to provide cover. Either way, NotPetya has caused chaos in the countries affected.

Is it wrong to pay to unlock your data from ransomware? Does it encourage criminals to spread malware, making everybody less safe? Or is it better to pay a ransom than to lose even more valuable data? Let us know your thoughts and comments in the form below and we’ll take them to policymakers and experts for their reactions!

IMAGE CREDITS: CC / Flickr – Blogtrepreneur



What do YOU think?

  1. Michael Šimková

    What a Protestant question to ask. ;) It’s neither wrong nor right, it’s a decision taken under duress with no intrinsic moral value.

  2. Jannik Malte Meissner

    The answer should always be no. Make sure you have a working backup strategy and you will be fine! If you don’t know how, ask someone who does know. If you are a company, get outside help for a pull-based backup strategy to be sure to be protected.

  3. EU Reform- Proactive

    The official version will always be staunchly YES.

    The historical truth & unofficial version behind ransoms paid to free kidnapped assets (incl. people) from the clutches of their criminal captors, be it from radical Muslim factions, Somali pirates or global hackers etc., differs somehow!

    What can the Masters and internet originators from Silicon Valley develop to maintain a safety gap against all their global apprentices?

  4. RJ De Wit

    A backup isn’t even necessary if you have another account on the PC being affected. At least, it wasn’t when I got hit with one a while back.

    • Josh Nolan

      That sounds possibly oversimplified.

    • Rémy Lacapère

      Google is fined based on the money it makes out of the ads it sells…

    • Simon Ranson

      Amount and why are different things.

  5. Josh Nolan

    It’s less a matter of “Is it right” than “Is it more or less likely to actually get me my data back”. And the answer is no, it isn’t.

    The only surefire answer is regular backups to the cloud or a backup disk which is then kept offline the rest of the time. Software companies have been doing this since before ransomware became popular to prevent theft. If it’s precious, you keep it offline.

  6. Marc Chapuis

    Thanks for the question. Decades ago some European manufacturers of PCs came up with the idea that end users should pay each time they needed to format a floppy disk. Of course they lost the case. In the 90s some vendors chose to sell systems. Other open systems and mixtures of service open source software and reference implementation backed by universities alliances and small businesses or startups. Open systems open minds had to take place before the network is the computer, we are the e of ebusiness or the dot of dot com delivered. And by the way to which extent are you ready to pay for payment? Or pay to exist check all the information that “allegedly” defines you. Pay to create read update delete query reference discard forget all the data that cities states or organisations need to say hello mr or ms xyz. You are who you pretend to be. Or here is a ticket a ticket granting ticket here are your credentials. And by the way yes you are a citizen of this country. Yes this is a playing field for you? Long long list that is growing. Who owns your image your digital images. And what about your family let’s say your grandchildren?

  7. Ivan Čorak

    You are really paying for your own stupidity/laziness. External hard drives or cloud storage have become relatively cheap enough so you can store your most vital data on these (or just on a USB). Then just delete everything on your PC, re-install your OS, put the data back in and you are o.k. Also, don’t act like a dingus on the web and open strange files and/or visit shady places.
