ZoneAlarm, May 2016

To Pay or Not To Pay: That is the Ransomware question

The scene reads like something out of an epic historical film: a roving band of criminal masterminds, heading through the sprawling countryside, is stealing precious tomes that contain secret information of extreme value to their rightful owners. The lawless marauders hold each and every tome under a unique system of lock and key, and only they know the right way to unlock the system. If anyone else dares try to breach their locks, the systems will self-destruct.

The henchmen tell the poor victims “Ya’all better pay up or you can kiss your precious tomes goodbye… Mwahahaha!”

Let’s go back to the shuddering victims.

Each unfortunate one wants what is rightfully his or hers. They have worked years to cultivate the information in the captive tomes. In but a moment, all has vanished, taken from them.

Each one also knows that he or she could pay up and go along their merry way, with their own tome safely out of the marauders’ hands. But they also know that by paying up, they are paving the way for more theft, more lawlessness, more corruption.


What would you do?

Sadly, this is a question that thousands of people find themselves asking each day. Ransomware, the hottest attack method for hackers at the moment, affects upwards of 10,000 people in the US each day. Experts expect that number to increase over the course of the year, and the unlock fee is usually between $400 and $600.

There are a few different methods ransomware creators may use to block access to files so they can blackmail their victims, but the biggest and baddest method uses super strong forms of encryption. This is known as crypto-ransomware, or encrypting ransomware: it covers files in an unbreakable layer of encryption, and it is the main type hackers use today. The crypto-ransomware family includes such well-known baddies as Cryptowall, Locky, TeslaCrypt, CryptoLocker and all the other ones you hear about on the nightly news. To put it bluntly, if your data has been encrypted with the methods most modern versions use today, you’re pretty much out of luck. Sorry buddy.

To pay up or not to pay up, that is the question

And if you do end up getting hit with ransomware (we really, really hope you don’t though) you might find yourself asking that same question:

“Should I pay up or not?”

Paying up sure looks like the easy way to deal with the problem. Save for the necessity of setting up a bitcoin account in order to pay the unlock fee, which can be super-tricky for non-techy types, giving in to criminal demands might seem like an easy and attractive option.

But here’s the thing - this is just what the hackers are hoping for. They’re hoping that you’ll feel exasperated and out of options - and enough so to pay up. And now you have just helped fund their next swimming pool, Tesla, or worst case scenario, their next bigger, badder ransomware attack.

So before you pay up, let’s discuss the reasons that paying up is not the most ideal way to handle the situation (okay, let’s face it, nothing about this situation is actually ideal - “ideal” would be not needing to deal with a ransomware attack in the first place, but we digress).

  • 1. You really can't trust hackers - Sure, they say that they will decrypt the information after you pay the fee and then everything will be a-okay. Remember that these are the same guys who just hacked your computer. Statistically speaking, most hackers do release data once they receive payment, but there is no “Get your information back guarantee”.
  • 2. Paying up fuels their fire - As we said above, every time someone pays up, it reinforces the hackers’ tactics and supplies them with more funds to develop more sophisticated methods. According to Troy Gill, security researcher at AppRiver, “Keep in mind that the only reason these thieves keep making these attacks is because people are paying them”. ‘Nuff said.
  • 3. They might come back for more - They say lightning doesn't strike twice, but in this case it’s seriously not true. Once hackers see that you are willing to pay, they think of you as profitable and there is nothing stopping them from coming back for a second helping (and third and fourth… you get the idea).

It’s not all doom and gloom though. There are some easy preventative steps you can take to keep ransomware off your computer and keep it from ruining your day:

  • 1. Create several versions of backups - This step won't actually keep ransomware off your computer, but it will make it so much easier to not give in to the hackers’ demands. Backing up is important on so many levels, but in this case your backups can mean the difference between being in control of your data and being controlled by baddies. Make sure to have several versions of backups (don’t overwrite one backup with the other) so you will always have a clean, non-encrypted version of your files you can restore.
  • 2. Stay away from shady links and attachments - One of the main ways ransomware enters computers is via links and attachments. Let’s imagine for a moment that you get an email with an attachment or link within the body of the email. You aren’t really sure you recognize the name of the sender, but you can’t say for sure that you don’t know them.
    Chances are, this intentionally vague email is coming from someone with less-than-pure intentions. To make matters even more complex, hackers might actually use hacked email addresses of people you know to make their ruse appear even more legitimate. So, rule of thumb: before you open any attachment or click a link, make sure you know who the sender is and that it’s legit. Make sure everyone on your home network and at your workplace is aware of this as well - it only takes one person clicking an infected link to start an attack.
  • 3. Patch and update all software and operating systems - The other main way that malware, including ransomware, enters a system is by exploiting critical vulnerabilities in outdated operating systems and software. By patching and updating software and your OS as directed by Windows, you effectively seal off one of the most common entry points for baddies.
  • 4. Keep your antivirus up to date - All ransomware starts out with some sort of malicious code sneaking onto your computer. A reputable antivirus program like ZoneAlarm Antivirus keeps that malicious code from being executed on your computer, thereby curtailing the ransomware in the first place.

Following these steps should greatly increase your chances of recovering from a ransomware attack unscathed.

But sometimes things aren't quite so black and white and you simply need your data. We understand that it’s not so easy to say carte blanche, “Never pay up”. If you find that you need your data and you don’t have it all backed up (think hospitals and their patient medical records), there is one trick you can try to soften the blow: ask the baddies for a price cut.

Oddly enough, this has worked in the past. A lot of ransomware operations have a customer support email address and you can ask them to cut you a break. Sure, we don’t approbate negotiating with terrorists but if you simply have to, you might as well get a discount. You might also want to call the police or other law enforcement agencies. They can’t really help but they like to be made aware of ransomware attacks as with all serious crimes.

Still and all, your best bet is to follow the above steps to prevent ransomware from hitting your computer. No one wants to have to pay, no matter how much of a price break you get. When it comes to ransomware, a few ounces of prevention will prove to be your very best friend.

©2003-2016 Check Point Software Technologies Ltd. All rights reserved. ZoneAlarm is a Check Point Software Technologies, Inc. Company.