Just about everyone knows about ransomware by now. You or someone you know has more than likely been affected by this nasty piece of malware, either personally, or at work. If you’re one of the few who are unfamiliar with it, ransomware is a type of malicious software designed to block access to a computer system/network, usually by encrypting all resources on the system/network, until a sum of money is paid.
Should I Pay the Ransom?
The most commonly asked question about ransomware? “Should I pay the ransom?”
We are only asked this when a prospect reaches out in a panic after all other options have failed. Each particular case is different, but generally:
• In a properly maintained environment, a ransom should never be considered. It is the responsibility of the IT staff/vendor to maintain adequate backups. At TNN, our number one priority is our backup platform. Because of our attention to detail in this area, NONE of our clients have lost data to a virus infection of any kind.
• In a neglected environment, a thorough analysis will be required by a trained professional to determine if making the payment is worth the risk. We have yet to see an instance where this was the case.
If your environment falls in the neglected category, or your IT staff/vendor failed in their duties to ensure you had functioning backups, here are a few things to think about.
Each specific variant introduces a ton of different variables, each of which should be thoughtfully considered:
• What is the dollar amount being demanded?
• Is this specific variant common?
• If it is, are there any records of organizations paying and successfully retrieving data?
• Is the family that the specific variant falls into commonly decrypted shortly after infection due to the number of keys being shared online?
Is Paying the Ransom Worth It?
If you decide to pay the ransom, you are really playing with fire. The percentage of even receiving the key is less than 50%. Another variable that needs to be heavily factored into the situation comes after receiving and executing the decryption tool. The possibility exists that some resources may not even be functional; this is common with Virtual Hard Drive and database files.
Taking all these variables into account, the chances of recovering mission critical data are incredibly slim!
Technical aspect aside, the only drive for this type of infection is the possibility of the culprit making money. If proper care is taken, and the potential for data loss is minimal, ransoms will stop being paid. If no one pays the ransom, what incentive do they have to keep trying? None!
Join us here for more IT News and Tips.