To pay or not to pay… with ransomware that is the question. You’ve heard of others who have gotten their files back by paying the ransom. You’ve calculated the costs and you know that it would be cheaper and faster to pay up than to try and restore those files. Or maybe you’ve actually already paid a ransom, had your files returned, and find yourself pretty resentful that some security company is telling you that you shouldn’t have done it.
I’m one of those guys at a security company. And I completely get it. I understand why you paid or why you are considering it. I’m not even going to argue that you will not get your files back. Most, but not all, people do get their files back. But there are consequences to paying that ransom. And before you pay I hope you would at least consider them.
First of all, paying the ransom may get your files back, but it doesn’t remove the malware. If you paid the ransom and have not cleaned the threat off your machine, stop reading this right now and go do it, or you’re going to be victimized again. Actually, you are likely to be victimized again even if you do clean up the malware, because you now have a reputation as someone who pays up.
You’ve also signaled to the bad guys that your industry is susceptible to this type of extortion. Bad guys go where the money is. You’ve just indicated there is money to be had in the State & Local Government market. When word gets out they will start targeting the industry.
And, you are likely to find the ransom to be a lot higher next time. This is pure market dynamics. When there is a product people are willing to pay for, the price goes up. Same with extortion.
Finally, you’re financing the bad guys. Your money is going to be spent on improving their “product” and infecting more people. You’ve helped them.
At Symantec we think the best approach is not getting into a position where you need to decide about paying the ransom. You need to make your systems secure and have good back-ups so that, if infected, you can restore those files. Register today to hear from your peers on the upcoming Center for Digital States Performance Institute webinar on Wednesday, 9/28 at 11am PT on the topic: Is Your Future Being Held for Ransom by the Changing Nature of Cyber Security Threats?