Ransomware: 8 Reasons You Shouldn’t Pay the Ransom

If you’ve been infected with ransomware, you should think twice before paying the ransom. While it may seem like the easiest way to regain access to your files, it could have some serious consequences. Here are seven reasons you shouldn’t pay the ransom.

If you have any additional question about ransomware or how to best protect your business from getting infected, please don’t hesitate to contact us.

1) You May be Infected with Fake Ransomware

Not all malicious software demanding money is actual ransomware. By definition, ransomware is a type of malicious software that restricts access to the victim’s computer data until a ransom is paid. Even if a pop-up message demands payment in exchange for unlocking your files, it could be fake ransomware — and paying it will have no effect on whether you can access your files.

According to a Citrix study of 200 companies in the UK that had been infected with fake ransomware, 63 percent of them paid the ransom. Fake ransomware looks like the real deal, but it doesn’t lock or otherwise restrict access to your files. Many victims end up paying it, however, because they believe their files are encrypted and want to regain access as soon as possible.

2) It May Ask for Additional Money

Another reason you shouldn’t pay the ransom is because it may ask for more money. In 2016, Kansas Heart Hospital in Wichita was hit with ransomware, which it paid in hopes of regaining access to its data. Soon after, however, the hackers demanded even more money. The hospital declined to pay the second ransom, opting for damage control instead.

Stories such as this are are all-too-common. The hackers behind the attack see the victim is willing to pay, so they try to extort additional money from them. They may ask for a second ransom, and then a third, and so on until the victim out of money.

3) There’s No Guarantee that You’ll Regain File Access

Arguably, the biggest problem of paying the ransom is that you may not regain access to your fires. You’re dealing with cyber criminals, most of whom aren’t particularly trustworthy, nor do they really care about restoring your file access. You might pay the ransom, only for the hackers to leave your files encrypted.

4) It Funds Illicit Activities

The money hackers extort from their victims through ransomware attacks will probably be used to fund future ransomware attacks and other illicit activities. Hackers can use it to purchase new computers, servers and software, allowing them to target even more victims with malicious software.

If you pay the ransom, you’ll encourage hackers to continue the attacks. Not paying, however, has the opposite effect by showing there’s no money to be made.

5) The FBI Discourages it

On its official website, the Federal Bureau of Investigation (FBI) says it doesn’t support paying a ransom if you are the victim of a ransomware attack.

The FBI acknowledges that ransomware attacks are becoming more common and more sophisticated. Nonetheless, FBI Cyber Division Assistant Director James Trainor says victims shouldn’t pay the ransom, as it emboldens these cyber criminals.

6) There are Decrypt Keys Available

Depending on the specific type of ransomware infecting your computer, you may be able to find a decrypt key without paying the ransom. As explained by NoMoreRansomware.org — a site that publishes free ransomware decrypt keys — some malware authors make mistakes when implementing their ransomware, allowing cybersecurity professionals to crack the encryption. In other cases, police raid and seize the cyber criminals’ computers, on which the decrypt keys are stored.

Some of the ransomware types for which decrypt keys are available include:

  • AutoLocky
  • BTCWare
  • Crysis
  • Chimera
  • CoinVault
  • Jigsaw
  • Rakhni
  • Ronnoh
  • Rotor
  • Shade
  • TelsaCrypt
  • TorLocker
  • WannaCry (CWRY)
  • Wildfire
  • Xorbat

If you know the name of the ransomware infecting your computer, search for “[ransomware name] + decrypt key” on Google. With a little bit of luck, you may find a solution.

7) Some Ransomware Doesn’t Encrypt

Ransomware typically falls under one of two categories: the type that encrypts the victim’s files and the type that doesn’t. Encrypting ransomware is the most problematic, as it requires a decrypt key to restore file access. Non-encrypting ransomware may still restrict access to your files. However, it’s usually easier to fix than its encrypting counterpart.

With non-encrypting ransomware, you can often fix the infection using anti-malware software. Since it doesn’t encrypt your files, you don’t have to worry about obtaining a decrypt key. Rather, you need to lift the restriction that’s preventing you from accessing your files, which may be possible through traditional anti-malware software or system restores.

8) Ransoms are Increasing

There’s currently a disturbing trend in which ransomware demands are increasing. According to a report published by the cybersecurity firm Symantec, the average ransomware payment in 2016 was $294. However, researchers believe this number will increase to $1,077 by the end of this year. In other words, victims of ransomware are paying more than $1,000 for a chance to regain access to their files.

Not only are ransoms increasing, ransomware attacks are becoming more frequent. According to a separate report by the insurance company Beazley, ransomware attacks increased by 400 percent in 2016, and they are expected to increase by 200 percent in 2017.