Ransomware - To Pay Or Not To Pay?
Ransomware such as WannaCry is used to extort money from people and organisations who are told that their important data is locked away until they pay a ransom. If you become a victim of ransomware, should you pay? Even if you do, will you get all of your data back?
Experts Say ‘Don’t Pay’
The WannaCry global attack has reportedly led to over 126,000 ransomware infections worldwide. PC users have been advised to update Windows to ensure that they are protected.
When vital and possibly irreplaceable data has been “lost” through forced encryption, £230 may seem like a small price to pay, but the expert advice for those affected by ransomware is ‘don’t pay’.
Some people seem to have been more than willing to fork out the money, according to a Twitter bot tracking the digital wallets set up to receive the ransom, which is paid in Bitcoin. To date, £39,000 appears to have been paid to the attackers.
Returning Your Data Intact, Unlikely With WannaCry
However, the bitter truth is that even if you do pay the ransom, the actual chance of regaining access to your files is probably next to nothing.
Aside from the fact that an honest transaction is not a given when dealing with criminals, WannaCry does not seem to have been built in a way that actually facilitates the efficient return of data access. Manual action will need to be taken to activate decryption (which looks unlikely to happen), and a viable decryption method may not even be a part of WannaCrypt’s code. Even if victims pay to request a key to restore access, many security experts agree that, in reality, victims are unlikely to receive any response after paying.
What Does This Mean For Your Business?
In the case of WannaCry, although the global spread was huge, many home and business computer users are likely to have automatically installed a Microsoft update / patch that provides some protection.
The advice from many security commentators for those businesses unfortunate enough to suffer a ransomware attack is not to pay the ransom. Not only is it unlikely that you will get all of your data back if you do pay (some ransomware deletes files anyway), but you are unlikely to receive the key that will unlock your files, or indeed, any response at all from the people you pay the ransom to.
The best advice for businesses must surely be to be prepared and take security measures to ensure that your business is adequately protected in the first place against the known methods of malware (including ransomware) attacks. Investing in security now and in keeping security systems up to date is likely to be much better and more cost effective than paying ransoms, paying for disaster recovery and suffering the effects of business disruption, lost customers, and reputational damage that are the results of successful cyber attacks.
Sensible measures that businesses should take include taking regular and secure back-ups of important files and data on a separate (secure) drive, machine, or in the cloud; training staff to spot and deal with cyber security threats; keeping software updated and patched; focusing on risk assessment and management; conducting penetration tests; tightening data protection; having Disaster Recovery and Business Continuity Plans in place; and having a focus from the top down on IT governance and increasing cyber resilience.