SD\PHQWFDQEHIRXQGDQGWDNHQR̈LQH6RPHWLPHVWKHEDGJX\VGRLW
because they need to cover their tracks and move on to the next
nefarious campaign; other times, law enforcement takes down the
system. In either case, anyone who has been infected and not paid the
ransom can no longer get their system unlocked, even if they pay.
Second, even when the ransomware system is working as “advertised,”
there’s no incentive for the bad guys to follow through. They got the
money—mission accomplished. They don’t really gain anything from
XQORFNLQJ\RXU¿OHVH[FHSWPD\EHLQFHQWLYL]LQJ\RXWRGRLWDJDLQWKH
next time it happens.
7KLUGHYHQLI\RXJHW\RXU¿OHVXQORFNHGWKHUHPLJKWEHRWKHUGDQJHUV
awaiting you. It’s conceivable the attackers may have left some
unpleasant surprises behind or taken advantage of the confusion and
done who knows what to your system. Perhaps in addition to encrypting
\RXU¿OHVWKH\GHFLGHGWROLIWDFRS\IRUWKHPVHOYHVDQGVHOOLWRQWKH
Dark Web. Paying the ransom won’t undo that potential damage.
Last, paying the ransom will almost certainly not save you money in the
long run. After Atlanta was hit with ransomware, it had to spend $2.6
million to recover. The initial ransom was $50,000. That ransom cash is
better served to help rebuild.
I’m not one to blame victims. I have never made life-or-death decisions
in a hospital, and I’ve never tried to run a city that didn’t have the word
“Sim” in front of it. I cannot imagine the pressure legislators face when
ransomware comes knocking. They surely made the decision they
thought best.
But whenever anyone asks me about what to do if they get infected with
ransomware, I’ll always say: Don’t pay.
[email protected]
Max Eddy
PC MAGAZINE DIGITAL EDITION (^) I SUBSCRIBE (^) I AUGUST 2019