Ransomware viruses are classified as one of the most dangerous computer viruses at present, and the most popular ones that usually encrypt your files or block access to your device unless you pay a sum of money (ransom) to get the decryption code and revert the changes made to your files. These viruses are controlled by internet criminals who sit in safe havens, hiding behind a set of servers, making them difficult to track. Typically, the victim knows that their files have been affected by this virus when they see an alert window on their desktop, which includes instructions on how to send the money. But should you do it? Let’s find out.
There is no doubt that getting infected with ransomware is a big problem that is usually accompanied by worry and stress. In order to access your files, you need to pay a large sum, and the payment is usually made in digital currencies because it is the preferred method by internet criminals. If you are not an investor in digital currencies, you may have no idea how to make the payment using this currency or even start opening a Bitcoin account – time is ticking. Even if you decide to pay, it poses a risk to your money because there are no guarantees that the payment process will retrieve your files. Hence, there is no clear and direct answer as to whether you should pay the ransom or not.
Looking at the issue from another perspective, paying the ransom is considered a key factor in the widespread of this virus in recent years to the point where it has become a “service” from successful and profitable business services. Intruders, even those with little technical expertise, can easily launch ransomware attacks. The number of ransomware attacks increased by 400% from 2017 to 2018, according to Symantec’s annual Threat Report, and cybersecurity experts state that this growth is due to the number of individuals and organizations that have paid the ransom, encouraging criminals to continue attacking and earning more money.
However, sometimes the cost of not paying the ransom may be greater than paying it. This especially applies if you are responsible for a large institution where you have no choice but to pay. For example, a small city in Florida, USA, recently had to pay over $600,000 to internet criminals to decrypt their devices infected with this virus.
What will happen if you pay the ransom?
As mentioned earlier, if you choose to pay, there is no guarantee that you will retrieve your files, as you may pay and then not receive the decryption key or receive a key that does not work. In fact, there may not be a decryption key at all, as most of these viruses are designed to destroy rather than extort. Victims have reported that after paying thousands of dollars, only a partial recovery of files is achieved, then the intruder asks for more money to recover all the files.
You may also face consequences after paying the ransom and fully recovering your files, as security analysts indicate that victims who pay are directly targeted as they are put on a list of those who have shown willingness to pay, making them a target for further exploitation to extract money!
This may not be a concern for large institutions and companies that can invest in resources to enhance security after an attack. Individuals can invest in file backup programs to protect their important files in case of future infection with these viruses, or follow the guidance provided by author and founder Mahmoud Munir in a previous article titled “Ransomware Encryption Viruses and Protection before it’s too late.”
What will happen if you refuse to pay the ransom?
There are many reasons that may lead you to refuse to pay the ransom, such as having backup copies of encrypted files or them not being important enough to you, or thinking that this money could be used to fund more cyber attacks or other illegal activities, or simply not having the sufficient amount to pay the required ransom, or having it but not wanting to take the risk. Whatever the reason, you can face this situation thanks to the availability of some ways to decrypt and retrieve your files for free, although we cannot guarantee their effectiveness.
In the case of a ransomware infection, you can benefit from No More Ransom, a joint project between Kaspersky, McAfee, and a handful of European law enforcement agencies (Europol) aimed at helping you retrieve your files if you choose not to pay. All you have to do is visit the website and upload some encrypted files from your device. If the team there manages to decrypt them, you can access your files at no cost. It is evident that this team has managed to decrypt the encryption methods used in a number of these viruses such as SYRK, JSWORM 4.0, HKCRYPT, and others. However, it is not a guaranteed solution but provides a potential opportunity.
In any case, if you regularly back up your files, restoring backups is always the best solution to face such a difficult situation. Backup operations are essential as they protect your data from almost anything.
