Should You Pay Ransomware?


Have you ever watched one of those movies where a politician was caught in a compromising position with a man or woman who wasn’t their spouse and was then blackmailed?

Sometimes the plot would involve ordinary members of the public coerced into robbing banks or handing over their life savings.

These plots may sound fanciful, but the internet has allowed a growing number of criminals to act out these ransoms in real life and hold companies and people to ransom for money.

Here’s what you need to know about whether to pay ransomware.

What is Ransomware?

Ransomware is malware that is placed onto a computer through a hack and makes the computer inoperable for the person to whom it belongs. This could involve blocking it so the user cannot turn it on or preventing access to vital documents.

A criminal will hack into the person’s computer, perhaps through a suspect link in a phishing email or via a seemingly innocent link on Facebook.

After obtaining access to your computer and locking you out, you will receive a message from a criminal hacker asking you for money to allow you to access your computer.

These demands are often time-limited and, so the criminals say, failure to comply will result in your computer and all your details being erased.

Big companies that have lots of money are often the target of such breaches as it would cost them lots to build a new system. Even entire cities can be targeted.

You Are Encouraging and Supporting Blackmail 

It is easy to think in such a ransomware scenario that the easiest option is just to pay it and move on with your life or to allow your company to take a hit. But this seemingly easy solution might make the problem worse.

Every ransom that is paid proves to the hackers that their business model works. Hackers are often hard to trace and often operate from a different country to the one where they carry out the hacks. They feel they are above the law.

Hackers Make Lists of Easy Victims

Hackers also make lists of people and companies that pay up and pass these around within their criminal network, so even if you were to get your computer’s data restored, you may find yourself targeted again for more money.

Healthcare companies are often targeted. The NHS in the U.K. was once a target because hackers believed the government would pay up and that its security was probably lax due to budget constraints.

Whilst security is important, no system is impenetrable. One hack might have exposed some vulnerabilities that you can address, but once a hacker knows you pay up, they will increase the resources they invest in hacking you again.

As a company, you might simply not be able to afford the sophisticated protection that you would need to fend off multiple attacks by determined hackers who view you as a ‘soft touch’.

Paying ransomware is also morally wrong as you are bankrolling a criminal enterprise rather than taking a stand against it.

It Could Be an Empty Threat 

It can be hard to gauge how serious hackers’ threats are. Whilst the ransomware might have locked you out of the system or limited your ability to work, you do not know the full extent of the power that the hackers have.

Be extremely cautious of threats to hack your computer via email as you don’t know if the hackers will follow through with their threat. They could simply be bluffing to get you to hand over money.

Paying the ransom and engaging with the hackers could lead to you being labeled an easy target and put on target lists.

Paying the Ransom Is No Guarantee You Will Get Your Data Back 

Does paying ransomware work? The answer is, unfortunately, probably not. Even if you pay, you may not get your computer or network restored. The hackers might also refuse to give back stolen data.

This means you could then end up having to pay twice. You would pay the ransom only to then have to pay for a specialist to fix your computer as well or for a whole new system.

Hackers think about ransomware as a business – they only target clients that they think they stand a good chance of getting money from. Once they have your money through the ransom, they are finished with you.

Restoring your system would simply be an act of charity on their part and not something that is going to help them generate more money, so the chances are they won’t bother.

Should You Pay Ransomware? The Answer Is No

It is easy to ponder the question: should you pay ransomware? After all, it can seem like a quick and easy solution to your problems, particularly if you have the money in savings.

But the reality is that paying ransomware won’t guarantee that you will get what you want. You have no way of knowing whether the hackers are even able to return your computer’s data or the whole network to you.

If you pay them, you could end up having to pay twice as the hackers could take the money and leave you to pay again to fix your computer.

Paying ransomware also makes you an easy target. Hackers operate in a criminal network and communicate with each other.

They can create lists of companies and individuals that have paid ransomware in the past: other hackers will then put more effort and energy into hacking them because they know they will pay up.

Paying a hacker is also wrong as it means you are encouraging illegal and damaging activity.

If you are interested in understanding how to protect yourself from ransomware, be sure to check out our security training.