When you should (not) pay ransomware ransom

For most of us, ransomware might not seem to pose a big threat. That is until you find yourself in front of a locked screen with a message telling that you need to pay if you want to have your computer working again.

So what should you do if you’ve become a victim of ransomware? Should you pay the ransom (which usually comes in Bitcoin) to some anonymous account? Should you just ignore the ransomware attackers and search for other ways to make your computer work again? 

As we’ll see, the answer isn’t exactly straightforward, even after you explore all your options. 

How do ransomware attacks work?

Even if you haven’t been a victim of a ransomware attacks, it still helps to know how they work to not get all panicky in case you become one.

Basically, ransomware is a kind of malware. Just like trojans or spyware, it seeks to enter your device via weak points, before springing into action immediately. Ransomware usually comes in the form of email attachments, but fake websites and app downloads are also used. Therefore there are plenty of ways to become infected.

Some ransomware penetrates deep into your OS (that’s what happened to Windows users during the Petya outbreak). Other attackers rely on persuading users to take certain actions, also known as social engineering. Either way, when the agent gains full access to your computer, there’s no easy way to root it out.

How to respond when you become a ransomware victim

When ransomware takes root, you have a choice – either pay the attackers or take the hit and have your system cleaned by the experts. In the worst case scenario, you might need to replace the computer entirely.

Let’s say you decide to pay. What are the odds of the attackers honoring their word and actually following up payment by unlocking your computer?

For example, in a high-profile 2016 attack, Hollywood Presbyterian Medical Center responded by transferring $17,000 to their attackers. After ten days without access to their computer systems, they saw no other way out. And they got lucky. The attackers were as good as their word, removing the malware, and letting medics back in.

However, this isn’t a representative case. And one study shows the actual picture in shocking detail.

What researchers are finding of whether you should pay ransomware attackers

In 2019, IT security consultants CyberEdge Group carried out their annual survey of almost 1,200 IT professionals in 17 countries. The surveyors asked whether the respondents’ employers fell victims of ransomware in the past 12 months. 56% answered positively and got extra questions whether their employers paid the ransom and whether they lost data. Here’s how the results look like:

• Didn’t pay the ransom and recovered data: 44.4%
• Paid ransom but lost their data: 17.5%
• Paid ransom and recovered data: 27.6%
• Didn’t pay the ransom but lost their data: 10.6%

These numbers don’t look good at all. Leaving alone the fact that more than half of the respondents experienced a ransomware attack, almost half actually paid the ransom. And now comes the saddest part – only 61.2% of those who paid got their data back.

In some cases, the attackers simply chose not to take any further action. In others, they supplied keys or antidotes which just didn’t work. The result was that companies and public organizations were left out of pocket and without access to their IT systems – the worst possible outcome.

Think twice about paying ransomware attackers

However, before you turn off your computers and revert to pen and paper, it’s important to note that the CyberEdge survey contained some positive news. It turns out that the consequences of not choosing to pay ransomware demands aren’t necessarily as crippling as you might think.

Of those affected by ransomware who responded to the survey, 55% decided not to pay their attackers. Luckily, only 19.2% of those cases did result in losing data for good.

However, you should take into consideration the fact that those companies which recovered their data most likely used business level backup systems and tools to remove ransomware agents. And if you don’t have these, you’re obliged to open your wallet.

How can you deal with ransomware without paying off attackers?

The data reported by CyberEdge suggests that ransomware decryption tools are an effective countermeasure and that using them is preferable to paying attackers.

Ransomware decryptors can reverse the encryption used by criminals to control your systems. This includes tools from leading antivirus companies like Avast and Kaspersky, both of whom offer free apps to start.

Each ransomware agent has its own form of encryption. Therefore you can’t be guaranteed that any tool will handle the ransomware virus. Our advice is to check sites like ID Ransomware to identify the threat. Then you can apply the appropriate decryptor to render it harmless.

When paying a ransom is advised?

Paying a ransom might be your only hope if:

• You don’t have a backup of your data
• The ransomware agent turns out to be hard to remove 
• Outsourcing the decryption to specialist companies is not possible

If you’re unlucky enough to be infected by more complex threats, do-it-yourself decryption may not be an option. In that case, you might choose to outsource decryption to specialist companies. This will almost certainly resolve the issue, but these services come at a cost.

And here’s the thing: if the cost of decryption exceeds the ransom charged by attackers, is it sensible to pay ransomware instead? Most experts would say that decryption is still the way to go (remember the CyberEdge stats above). Also, there’s almost 40% chance of paying ransomware and losing your data anyway.

Take action to protect your systems against ransomware

The best defense against ransomware is to create solid security systems and protocols which minimize the risk of infection. This cannot be stressed enough.

So, train your staff about using email attachments. Patch your OS and update your virus and malware scanners. And finally, install a good VPN to add another layer of protection.

Prevention is better than cure, as the doctors at Hollywood Presbyterian learned. But if your systems become infected, don’t panic. And don’t just pay. You may well have options to defuse the situation without giving criminals a cent.