Ransomware has paralyzed computer networks across the world, causing a minimum of $75 billion in damage. Every 14 seconds, a new business is targeted by ransomware — a virus that holds its software systems or data hostage until a ransom is paid for their safe return. There were an estimated 184 million attacks in 2017 alone, with the cyber attackers collecting at least $750 million in ransom. Ransomware rates continue to rise, with attacks increasing 97% in the past 2 years.
The typical ransom demand says “You just have 7 days to send us the BitCoin. After 7 days we will remove your private keys and it’s impossible to recover your files.” Once businesses are hit, they have 2 options: Pay hackers to return the data, or pay ransom recovery companies to retrieve it.
The ransomware recovery companies promise to help victims regain access to their computers by unlocking their data with the “latest technology.” Instead, these companies charge their clients fees that are far higher than the ransom amounts and obtain decryption tools from cyberattackers by paying ransoms, usually without informing victims or local law enforcement agencies. They also offer other services, such as sealing breaches to protect against future attacks. Many firms use aliases for their workers, rather than real names, in communicating with victims.
Payments are sent from the “recovery companies’” online wallets to one specified by the attackers. They are then laundered through multiple bitcoin addresses, making them more or less untraceable. In many cases, hackers even treat data recovery firms like partners by offering discounts or deadline extensions to encourage continued cooperation.
To be fair, some companies openly help clients regain computer access by paying attackers. They assist victims who are willing to pay ransoms but don’t know how to deal in bitcoin or don’t want to contact hackers directly. At the same time, they seek to deter cybercrime by collecting and sharing data with law enforcement and security researchers.
Unless the hackers use an outdated variant for which a decryption key is publicly available, the quickest and most effective path is to pay the ransom because most ransomware strains have encryptions that are too strong to break.
The problem is that while there is nothing illegal about negotiating with hackers, paying ransoms perpetuates the extortion industry. Cyberattackers who routinely collect tens of millions from secretive “data recovery” companies have every incentive to continue to extort ransoms. Even more problematically, much of the ransom money ends up in the coffers of international terror groups and crime syndicates.
It is easy to take the position that no one should pay a ransom in a ransomware attack because such payments encourage future attacks. It is much harder, however, to take that position when it is your data that has been encrypted and the future of your company and all of the jobs of your employees are in peril. It is a classic moral dilemma.
Ransomware continues to spread and is infecting devices around the globe. We are seeing different kinds of ransomware, different deployment methods, and a coordinated distribution. The FBI considers it one of the top cybercriminal threats.
If you have been hacked, ensure you deal with an ethical, transparent company. And if you find your ransomware recovery firm has paid a ransom while pretending otherwise, it could constitute deceptive business practices prohibited by the Federal Trade Commission Act.
I received a ransomware extortion threat. I sent them my income tax return. They sent me some money.