If a hacker hijacks your computer with malware and holds your data for ransom, it’s probably best to just pay up, at least that’s the latest advice the FBI is giving out concerning ransomware.
Reported last week by Security Ledger, Joseph Bonavolonta, the Assistant Special Agent who oversees the FBI’s CYBER and Counterintelligence Program in Boston, spoke at the 2015 Cyber Security Summit and advised that companies infected with ransomware may want to give in to the criminal’s demands.
“The ransomware is that good,” Bonavolonta explained to an audience of business and technology leaders. “To be honest, we often advise people just to pay the ransom.”
Ransomware is a malicious software that takes over a victim’s hard drive when they click on an infected advertisement, email, attachment, or website and encrypts the contents of a device — and any other connected electronics — which the hacker then demands bitcoin or cryptocurrency payments to unlock.
The key to unencrypt data can cost victims anywhere from $US200 and $US10,000 and affects individuals and businesses alike. Even the police are not immune to the attacks. Cryptowall alone — currently the most prevalent malicious software used — made hackers over $US18 million from April 2014 to June 2015.
“The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom,” Bonavolonta said. Adding that the Bureau and other’s efforts have yet to yield a solution.
In an ironic twist, the large amount of people paying the ransom actually seems to be keeping the amount demanded low. And while supporting this sort-of ransomware economy may seem backwards, attackers appear maximise their profits through volume and most keep their word that you will “get your access back,” Bonavolonta said.
Not everyone would agree with Bonavolonta’s advice though.
In 2013, when Cryptolocker — the now disabled email phishing program — swept through computers in the UK, the National Crime Agency recommended businesses not give into malware authors and said it “would never endorse the payment of a ransom to criminals” adding “there is no guarantee that they would honour the payments in any event.”
While there may be disagreements over how to handle the growing cybersecurity problem, there are ways to keep scammers out.
The Internet Crime Complaint Center (IC3) division of the FBI recommended in a June public service announcement taking the following steps to keep hackers at bay:
- Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies. It’s also important to continually maintain both of these through automatic updates.
- Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.
- Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
- Be sceptical. Don’t click on any emails or attachments you don’t recognise, and avoid suspicious websites altogether.
IC3 additionally says if you believe you are a victim of ransomware to file a complaint your local FBI field office and suggests disconnecting from the internet to avoid any further data loss if you receive a message demanding payment.