The FBI has come out with its strongest, most unambiguous warning to date, urging anyone targeted by ransomware not to pay up – regardless of how tempting it may be.
Cybercrime experts have long warned individuals and businesses not to be swayed by financial demands if they fall victim to a ransomware attack. This is because ransomware is often so poorly made that encrypted files may be scrambled too badly to be restored, even after a ransom has been paid. There’s also the very real possibility that a cybercriminal will take the ransom and simply not provide the key to unlock encrypted files.
Despite this, many victims are still paying up, in the hope they can salvage any information that may be incriminating to themselves or sensitive to their business. What’s more, cybercriminals have been increasingly setting realistic demands (in the hundreds or thousands of pounds, rather than tens of thousands or millions) in a bid to persuade victims that paying up is worth a try.
However, the FBI has now urged anyone who finds themselves a victim of cybercrime to refuse all demands – not just because the files may already be corrupted beyond repair, but also because payment will only encourage cybercriminals to continue attacking other targets.
That said, the FBI did note how compelling the option to pay can be for some companies. It’s understandable, the agency said, for executives to “evaluate all options” when faced with a decision on how best to protect their shareholders, employees and customers. However, the best approach would still be a point-blank refusal to pay the demands.
“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals,” it said.
The FBI’s advice was echoed by respected cybercrime journalist Graham Cluley, who put it more simply. “If no one ever paid the ransom,” he wrote for tripwire.com, “there wouldn’t be any more ransomware attacks.” Cluley went on to explain how this alone was good enough reason to not be tempted by any ransom demands. By not giving in to a criminal who has targeted your business or personal accounts, you can potentially save countless others from the same fate.