As WannaCry ransomware took hold of hundreds of thousands of computers last week, victims were left with a difficult choice: should they pay the ransom for a chance to get their files back? It’s not an easy answer, and it depends on a few key factors.
But First: Get Help
Before you get to the decision of whether or not to pay the ransom, you should look online for websites and tools to help decrypt your files and remove the ransomware. Dedicated websites such as nomoreransome.org and bleepingcomputer.com provide tutorials, tools and advice for victims.
Your best bet is to explore previous questions that have already been answered, but you can post your own case and hope someone helps you out. Odds are, they will ask you to run a few tools to help them identify your strain of ransomware and determine whether or not they can help you.
Does Paying Up Even Work?
Unfortunately, statistics are a little hazy on whether or not criminals will actually decrypt your files once they’ve been paid.
The first school of thought says that criminals are incentivized to free your files, or else other people will hear about it and see that paying up doesn’t help. As Stanford University CISO Michael Duff puts it, "If you know for a fact if you pay, you won't get your key back, no one's going to pay."
On the other hand, the Department of Homeland Security's Neil Jenkins argues that "Paying a ransom is not a guarantee you're going to get access back to the system... We know of cases where folks have paid the ransom and then been targeted again."
There’s no one-size-fits-all answer, so your best bet is to try and find out the strain of ransomware that’s on your computer and do some research to see whether or not the criminals behind it are known for honoring the terms of their ransom.
The Ethics of Paying Criminals
Law enforcement agencies advise against paying ransomware demands, because it means you are funding criminal organizations – and also encouraging their behavior by rewarding them.
But the reality is, most people and organizations can’t afford to take a moral stand against ransomware. For instance, England’s National Health Service was impacted by WannaCry – would it be wrong for them to pay up, freeing their system to service thousands of patients? Should auto manufacturers shut down for a week, losing millions of dollars, because they shouldn’t shell out a couple thousand?
If all you have to lose are some music files and old documents you haven’t backed up, then yes, you should probably just format and rebuild your computer.
How Much Are Your Files Worth to You?
Rescuing your computer from ransomware is pretty straightforward, but doing so without losing your files in the process can be quite difficult. In some cases, an infected workstation can encrypt all the files it has access to on the company's server, which if lost would put the company out of business.
Many people are getting better about backing up their files, especially with cloud storage services like Dropbox and Google Drive becoming ubiquitous. But it’s not uncommon for some files to go overlooked, or for users to fall a bit behind with their backups. Some crucial files you might have on your system include:
- Tax information
- Resume and cover letters
- Business documents and files
- School projects, papers and study guides
- Important personal files such as family photos
- Creative projects such as novel drafts or video projects
If you want to get a better sense of the costs vs. benefits of paying, you should make a list of the files you’re likely to lose and determine how much they’re worth to you. Will you lose more than a few hundred dollars in productivity if you don’t get your projects back? Are your photos worth paying for or do you rarely look at them anyway?
If it helps, you can try assigning a dollar value to each file or set of files, and add up the cost. Does it outweigh the ransom? Deciding whether or not your data is worth the price will be a very personal choice.
Making this Dilemma Irrelevant
No article on ransomware is complete without this final warning message: don’t let it happen to you. Malware and ransomware are still successful because so many people are working with outdated software and operating systems. According to Kaspersky Labs, 97% of the machines infected with WannaCry were running Windows 7, which contains a software vulnerability called EternalBlue. Ransomware is avoidable, and it’s your responsibility to ensure that your system is not needlessly unsafe.
If you have been struck by ransomware in the past, be sure to close the security gaps in your system, and make any requisite changes so that it is no longer a target to the ransomware with which it was infected in the first place.
If you would like to learn more about the threat of ransomware, see the 2016 Datto Ransomware Report. And as always, if you have any further questions or if you need help protecting your organization against this threat, contact Switchfast today.
Written by Nik Vargas