To pay or not to pay in case of a ransomware attack?

Most security experts are explicitly against the payment of ransom. But the theory is different from reality. It is certainly true that every time someone pays a ransom, it encourages criminals to continue and, if possible, expand their activities. In addition, there is always the possibility that the extortionists simply disappear with the money and never send the decryption key – or that a flaw in the malware makes decryption essentially impossible.

However, criminals are also aware that such errors and behavior can damage their otherwise profitable businesses in the long run, so in most cases, the data can indeed be recovered. Thus, all victims of ransomware should think carefully about what is more costly for them: paying the ransom or giving up the encrypted data.

According to a survey by security provider CrowdStrike, around 27 percent of the companies surveyed decided that the loss of their data would cost more than the extortionists demanded, even though the sums paid are quite high: on average, $1.1 million.

The situation is quite different if the extortionists stole the data before encrypting it and threaten to make it public. According to Coveware, an anti-ransomware specialist, 70 percent of current attacks are based on this method. This poses an extra risk to the victim, especially as the extortionists may make another demand after payment, since there is no way to verify that the stolen data has been deleted. There have also been examples of stolen data being resold and used for extortion by other criminals.

In ‘classic’ ransomware attacks, at least, there is no such risk: in exchange for their money, victims get (in good cases) the unlocking key to restore their data.

Learn here how to defend yourself effectively against ransomware attacks!
