Should You Pay or Fight Ransomware

Our good friend Stu Sjouwerman at KnowBe4 was interviewed for this great Network World article by Colin Neagle regarding the options for dealing with ransomware infections.

Ask security experts what to do when hit with ransomware — the sophisticated malware that infects a device or network, uses military-grade encryption to restrict access, and demands payment for the decryption key — and you’ll typically get the same answer: “never pay the ransom.” But for many, that’s simply not an option.

In most of these cases, paying the ransom is a “no-brainer” for the organization, Sjouwerman says. That’s because ransomware is largely automated, demanding around $500 in exchange for the decryption key for all victims. The ransom for a police department’s evidence might be the same for a personal PC user’s photos.

“Ransomware is the Walmart of cybercrime. They just have decided to automate the whole process,” Sjouwerman says. “And they are massively phishing as many email addresses and companies as they possibly can. For them, they have figured out that the business model is: some people will have backups, some people won’t. Of the people that don’t, it has to be a no-brainer.”

The cybercriminals behind these attacks are concerned with maximizing the likelihood of their victims paying the ransom. Theoretically, they could increase the payout for cases where they’ve encrypted more valuable data. But the key is to make sure they pay up, and keeping the price within a reasonable range will increase the chances that more victims will pay.
Ransomware: Pay it or fight it? | Network World

Honor among thieves

Along these lines, many of the people behind ransomware have focused on creating a trustworthy reputation on the Internet, honoring all ransom payments and leaving victims alone once the exchange has been made. In December, Sjouwerman told CSO about a new strain of ransomware called OphionLocker that was designed to recognize the devices it had infected in the past so that it doesn’t hit the same victims repeatedly. And in his experience working with ransomware victims, Sjouwerman says every victim that has paid the required ransom amount did receive their decryption key, most of them within an hour of sending the payment.

The objective is to make the decision as easy as possible for ransomware victims – if they pay up, they will receive access to their files and can put the entire ordeal behind them. “If they are not prepared and they are hit, most of them will pay,” Sjouwerman says.

So it’s not much of a surprise that ransomware has grown so rapidly since CryptoLocker, the now-defunct ransomware strain that brought this model to the internet, was released in September 2013. Symantec estimated in September (PDF) that CryptoLocker-style ransomware grew 700% in 2014. McAfee recently reported (PDF) a 155% growth of ransomware in the fourth quarter of 2014.

The IT security community may advise against paying the ransom as a means of removing the incentive for cybercriminals to engage in this kind of scam. But that is usually the last thing on the minds of IT decision makers who just want to get their files back and get back to work. For an organization that faces losing weeks’ or months’ worth of data, they can write off the expense as a learning experience.

“This is in jest and more ironic than anything else, but you almost have to be grateful to the Eastern European cyber mafia to send you a social engineering audit that tests both your employees and your IT department for being click-happy, and also if best practices are being implemented or done,” Sjouwerman says. “It’s a really cheap audit, for $500.”

How to Prevent & Avoid Ransomware

Leo Notenboom

Preventing ransomware

You protect yourself from ransomware exactly like you protect yourself from all viruses and malware.

1. You should have a firewall. A router is probably good enough and an additional software firewall is fine if you’re paranoid. Turning on the Windows 7 firewall these days is usually enough.

2. Run up-to-date anti-malware tools. I happen to recommend Microsoft Security Essentials, but there are many, many others. Make sure that they are running and up-to-date.

3. Keep your system and software up-to-date.

4. And of course the usual advice applies: don’t download random things from the internet; don’t open attachments that you aren’t completely certain are valid and correct. The most recent and virulent ransomware seems to arrive most often in the form of an email attachment.

Basically, do all the things you should already be doing to keep yourself safe on the internet. In fact, that’s the article that I’m going to point you at (“Internet Safety: 8 Steps to Keeping Your Computer Safe on the Internet”) because that’s really all this boils down to doing.

This happens to be just one style of threat – a particularly nasty one – but one that you protect yourself from in the exact same way that you protect yourself from all other styles of attack… all other styles of malware.

20 thoughts on “Should You Pay or Fight Ransomware”

  1. Leslie Buchanan

    It’s always so nice to see you, and I’d just like to check definition of “Ransomware”. Those programs that do a scan, ALWAYS find 600 and something things to be fixed, sounding like it’s free but turns out you have to “Register”? Some other newcomers may also need a definition. Thx.

  2. Hold on a second! Doesn’t PCmatic claim to block ransomware? Doesn’t supershield with its lists do the job?

  3. Anthony J Jordan

    These ransomwaremen must be in cahoots with Wall Street banksters because none of them ever go to prison.

  4. Yesterday (03-22-2015) I acquired a nasty.
    It took me a good 5+ hours to remove it.

    I tried to download a video and it tried to install a download manager. When I saw what was coming I clicked on “decline” and that is what got me locked in. I clicked decline all the way through the end and then it started all over again. Did a ctrl/alt/del and entered Task Manager. Closed the offending program and left.

    I then went to My Computer and entered the program name “nssAA71.tmp”. After a good hour of searching my “C” drive I found the file along with its helper file and deleted them both. After a loop with Windows for permissions it was deleted. Did a scan with Malwarebytes and it found and deleted 2 PUP’s. I then did a scan with Windows AV and it found nothing.

    About 1 hour later it started over again. Did the same thing again this time searching for “nsmC61F.tmp”. About an hour later deleted it and its helper file. Scanned again with Malwarebytes and it found and deleted 1 PUP’s. Windows AV again found nothing.

    About 1 hour later again it hit.
    This time I did a search for “nsw37A7.tmp”. Once again the hour long search and deleted it and the helper files. This time I right clicked on my “C” drive and did a scan with Malwarebytes. This scan took a very long time (2+ hours) but found a bunch of files and deleted them.

    So far that seems to be the end of it.

    With this experience in mind I have a question………..

    Is there a way of finding the file path in Task Manager? That would have saved an awfully long time in searching the “C” drive for these files.

    Thanks for a nice article……..Alan

  5. I think paying a ransom is just about the worst thing you can do, it just reinforces bad behavior. I agree with Jim that the government should be all over this.

  6. I use Ccleaner and Panda Antivirus software. Panda will notify me about problems. I am very careful about downloading software. Sometimes notices about system infections will just pop up on my system. In that case I close down my computer and after restarting I will do a Panda scan of my computer and search for vulnerabilities. I rarely have problems.

  7. Do you really think if it was that easy, this wouldn’t be such a big issue ?

    It’s this kind of thinking and advice that is why people end up getting caught out, but I guess if it gets the idiots off the internet it may not be such a bad thing, just form the queue for the Darwin Awards to one side.

  8. I have to wonder why it is possible to transfer money to someone who cannot be traced. Surely the banking system should be able to identify account holders?

  9. People who perpetuate ransomware should be identified and then executed. Finding the money trail would be extremely difficult, but I had rather pay a congress critter to put a national agency on the problem than pay the ransomware. I took my computer to my service man and had the whole drive reformatted (he had to reinstall the operating system). Luckily I only used the computer in question for more fun than business.

  10. Is there any – or any significant – incidence of ransomware attacks on the MAC platforms?

    Per comments above on crooks automating and maximizing income flow, one would think not.

    But are there stats to refute or verify this supposition?

  11. I have PCMatic on all my PCs and I had to purchase an Anti-malware to get rid of some vicious ad/ransomware! Yes I paid to get rid of it and will never pay the AH that tried to extort money from me.

  12. WHY doesn’t the government make this a National Security Issue and put a stop to this? I can’t believe that a bunch of idiots out there snickering about their success at ruining people’s Internet lives and making $$$ with this brilliance are going to continue this charade – it’s a charade because the GOVERNMENT can stop this if they made it a National Security Issue – OR maybe the gov’t idiots should HIRE these jerkoffs.

  13. I got infected with binkiland, loads of security software said they were the only ones able to get rid, but I went to only one who could get rid for free, that one is the old favourite Malwarebytes!

  14. Have you tried system restore to an earlier date? I got rid of ransomware that way. Seemed to work OK for me.

  15. I removed malicious software off my computer by going into protective mode using a commercial specialized malicious removal product. What I was thinking that I had sufficient protection with an industry leader was not sufficient.

  16. Does PC Matic protect my computer from all this stuff? Can I add another laptop computer to be covered by my PC Matic subscription?

    1. @Al Weltzheimer:

      To reinstall PC Matic or install the program on an additional computer, download and install the program by clicking the link below:

      Once the program is installed, launch the application, and login to run the scan. For PC Matic, you only need to login with the same email address and password as was previously used for the original installation. Do not click on the ‘Register’ or ‘Edit’ option or otherwise try to use the license key again. If you need a password lookup, you can do that from here:

  17. I’ve found that one way to get released from ransomware is to go to my “start” button and activate the “restore” function. That operation will take my computer back to a previous point in its history where the ransomware control is no longer present. I may have to update a few things, but that is certainly better than paying any fee for such extortion.
