Why You Should Never Pay a Ransomware Ransom
Mike Smith, Network Infrastructure Consultant Sophicity: We put the IT in City
In the wake of a recent ransomware attack at the City of Atlanta, the question has been raised (again) about whether to pay a ransom or not. It appears the city ended up not paying, but other cities and government entities have done so. Unfortunately, IT professionals and law enforcement sometimes give mixed signals about paying ransom. But you should never pay. Here’s why.
1. It is never guaranteed that criminals will unencrypt your data.
Criminals often ask for thousands of dollars in ransom. Would you take thousands of dollars from your city treasury and then flip a coin to see if you keep it? That’s essentially what happens when you pay criminals.
According to SentinelOne's Global Ransomware Report 2018 (reported in KnowBe4), “45% of US companies hit with a ransomware attack last year paid at least one ransom, but only 26% of these companies had their files unlocked.” Yes, only 26 percent! With such a low chance of your ransom actually unencrypting your data, it’s not wise to throw thousands of dollars at criminals. Plus, if you pay, criminals may also ask for more money or target you again—viewing you as a nice source of revenue!
2. It is never guaranteed that criminals will restore your data as it was.
Once you get your data back, do you know for sure that it’s unaltered? If criminals had access to it, they could do anything with it. Delete some of it. Corrupt it. Implant malware into it. Who knows? These are criminals. You can’t trust them.
In some cases, ransomware attacks are led by sophisticated nation states or professionally organized criminal syndicates with deep pockets and resources. Who knows what they’ve done with and to your data before they give it back?
3. It is never guaranteed that criminals will no longer have access to your data.
Remember, these criminals held your data hostage. By paying a ransom, you are trusting a criminal to perfectly return your data back to its previous state. And maybe they’ll also nicely clean up the mess they made to your data, computers, and network—and lock the door behind themselves on the way out?
Don’t bet on it. How do you know they don’t intend to still use the data they held hostage? You don’t know for sure if criminals accessed your data, still have your data, and intend to use your data for malicious purposes.
4. You’re supporting a criminal enterprise by paying the ransom.
Why is ransomware so rampant right now? Because it works. People are falling victim and then paying the ransom. If no one paid, criminals would not make money. If you pay the ransom, you’re funding criminal activity and encouraging it to continue. It’s no different than traditional blackmail or ransom. By not paying the ransom, you’re helping to cut off the lifeblood from these crime rings.
5. You’re further avoiding taking proactive steps to protect your environment.
A CBS News article about the City of Atlanta’s March 2018 ransomware attack said:
Atlanta was warned months before a recent cyberattack that its IT systems could easily come under attack if they weren't fixed immediately, an internal audit obtained by the CBS affiliate WGCL-TV shows. In the 41-page audit, which was presented to city leaders last summer, the city was told that its IT department was on life support and that there were no formal processes to manage risk, WGCL-TV reports.
SOUTH DAKOTA MUNICIPALITIES