{"id":18078,"date":"2021-03-08T04:11:16","date_gmt":"2021-03-08T09:11:16","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/to-pay-or-not-to-pay\/18078\/"},"modified":"2021-03-09T13:28:11","modified_gmt":"2021-03-09T09:28:11","slug":"to-pay-or-not-to-pay","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/to-pay-or-not-to-pay\/18078\/","title":{"rendered":"Ransom: To pay nothing or not to pay? That is the question"},"content":{"rendered":"<p>Sometimes, reading an article about what to do in case of a ransomware attack, I come across words like: \u2018Think about paying up\u2019. It\u2019s then when I sigh, exhale with puffed-out cheeks\u2026 and close the browser tab. Why? Because you should <em>never<\/em> pay extortionists! And not only because if you did you\u2019d be supporting criminal activity. There are other reasons. Let me go over them here:<\/p>\n<h2>First, you\u2019re sponsoring malware<\/h2>\n<p>Cybervillains, malicious actors, extortionists, cybercriminal groups\u2026 \u2013 they\u2019re all bad guys, and if you pay them a ransom, you\u2019re giving them the income they need to keep doing what they do: negatively affecting the lives of innocent people. A vicious circle would set in: they encrypt you, you pay them, they encrypt others\u2026<\/p>\n<p>Basically, there are two ways to wean extortionists off their nasty habit: they can be rounded up (which we periodically assist with), or their activity can be made unprofitable, forcing them to find respectable employment. They don\u2019t seem to realize that programmers earn quite a decent wage.<\/p>\n<p>So how can their activity be made unprofitable? If victims stop paying, that\u2019s how. \u2018That\u2019s all very well,\u2019 I hear you say, \u2018we too want world peace and fairness and justice for all, but my data just got encrypted and my company could go bust without it.\u201d Even so, don\u2019t pay up! Bear with me\u2026<\/p>\n<h2>Second, you might not get your data back<\/h2>\n<p>Agreements with cybercriminals are never written in stone \u2013 there\u2019s no contract that\u2019s signed. Even if there were, since when have you heard of criminals ever being respectful of legal niceties? Thus, the fact of paying up does not necessarily mean your files will in fact be decrypted.<\/p>\n<p>Recall <a href=\"https:\/\/securelist.com\/expetrpetyanotpetya-is-a-wiper-not-ransomware\/78902\/\" target=\"_blank\" rel=\"noopener\">ExPetr\/NotPetya<\/a>\u00a0\u2014 since a unique user ID was generated completely randomly, it was simply impossible to decrypt the files. Even the attackers themselves couldn\u2019t do it! So all the money in the world wouldn\u2019t have helped at all. And ExPetr\/NotPetya is hardly an isolated case. It\u2019s not uncommon for cybercriminals to make coding errors. And while sometimes such errors allow us to create a decoder, other times, on the contrary, they prevent even the coders themselves from developing one.<\/p>\n<p>There was a recent case when a cybersecurity expert <a href=\"https:\/\/twitter.com\/demonslay335\/status\/1360396124901752832\" target=\"_blank\" rel=\"nofollow noopener\">publicly asked<\/a> a cybercriminal group to fix a bug in its ransomware Trojan to stop affected files from being corrupted irrevocably. It\u2019s hard to know whether to laugh or cry! So, to sum up: if you decide to pay up, just remember there\u2019s no guarantee you\u2019ll get your files back \u2013 ever.<\/p>\n<h2>Third, they can extort more from you<\/h2>\n<p>It\u2019s <a href=\"https:\/\/www.ncsc.gov.uk\/blog-post\/rise-of-ransomware\" target=\"_blank\" rel=\"nofollow noopener\">happened<\/a> before: cybervillains attacked an organization that paid a whopping $6.5 million to get its data back. Two weeks later the same cybervillains encrypted the same data again with the same methods, and were rewarded with yet another hefty ransom!<\/p>\n<p>The real problem in that example was that two weeks wasn\u2019t long enough for the organization to patch the hole that the intruders had crawled through the first time. Crooks who strike lucky once may try again, simply because they can: they\u2019ll probably still have your data (they may have deleted it, but probably not).<\/p>\n<p>The only way out is to not pay up at all \u2013 not even once. If you do, you might get a second, third, then fourth demand, because the baddies will come to see you as an easy, steady source of income.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-ransomware\">\n<h2>So what should be done?<\/h2>\n<p>Let\u2019s say you\u2019ve decided \u2013 correctly \u2013 not to pay the racketeers. Now what? Your files are encrypted\/stolen, and the cybercrooks are threatening to publish everything. What a mess. Here\u2019s what to do:<\/p>\n<p>Stay calm and look for a decryptor. One either already exists <a href=\"https:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">here<\/a> or <a href=\"https:\/\/www.nomoreransom.org\/en\/decryption-tools.html\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a>, or, if not, may appear later. We release and update them regularly as part of our process of studying malware and catching intruders.<\/p>\n<p>Talk to the vendor you bought your protection system from. First, find out how it happened that you got encrypted. Second, ask the vendor for help with the decryption: it might be that the vendor knows what to do, and they probably will want to help you \u2013 a valued customer. They\u2019ve got your security at the forefront of their minds, and they\u2019ve also got their reputation to think about: fairly priceless for a security company.<\/p>\n<p>That said, it\u2019s always better, of course, to strengthen your defenses so as to be able to prevent infections in the first place. <em>But never pay up!<\/em> If everyone stops paying, the cyberextortionists will gradually end their racket, and the world will be able to breathe a little easier.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc-trial-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Three reasons not to pay cyber-extortionists \u2014 and what to do if you get hit.<\/p>\n","protected":false},"author":13,"featured_media":18079,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917,1485,9],"tags":[2088,2040,2105,433],"class_list":{"0":"post-18078","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"category-special-projects","10":"category-tips","11":"tag-tips","12":"tag-extortion","13":"tag-ransom","14":"tag-ransomware"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/to-pay-or-not-to-pay\/18078\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/to-pay-or-not-to-pay\/22585\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/to-pay-or-not-to-pay\/24310\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/to-pay-or-not-to-pay\/22378\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/to-pay-or-not-to-pay\/21232\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/to-pay-or-not-to-pay\/24836\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/to-pay-or-not-to-pay\/24059\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/to-pay-or-not-to-pay\/30191\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/to-pay-or-not-to-pay\/9401\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/to-pay-or-not-to-pay\/38946\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/to-pay-or-not-to-pay\/16495\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/to-pay-or-not-to-pay\/17099\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/to-pay-or-not-to-pay\/14543\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/to-pay-or-not-to-pay\/26311\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/to-pay-or-not-to-pay\/30163\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/to-pay-or-not-to-pay\/26763\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/to-pay-or-not-to-pay\/23605\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/to-pay-or-not-to-pay\/28965\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/to-pay-or-not-to-pay\/28774\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=18078"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18078\/revisions"}],"predecessor-version":[{"id":18080,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18078\/revisions\/18080"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/18079"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=18078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=18078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=18078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}