Don't pay ransoms. But if you must, here's where to buy the Bitcoins

Maria Korolov | April 5, 2017
If you're hit by ransomware and you have to pay the ransom -- what do you do?

And if you're trying to avoid having to report a breach, paying the ransom won't help, since you know the criminals have the data.

Another situation where you shouldn't pay a ransom is to fend off a distributed denial-of-service (DDoS) attack, said Barak.

"Ransom demands for DDoS attacks have been around for a long time and most of them are fraudulent," he said.

Even for traditional ransomware, where the attackers encrypt your files, there are some good reasons not to pay, said Eldon Sprickerhoff, founder and chief security strategist at eSentire.

For example, the hackers may have embedded themselves in your systems, and if you don't wipe the machines and restore from a good backup, they may stick around.

"You put yourself at risk for future attacks," he said. "If a hacker is successful the first time, they will try again."

Plus, even if you pay up, they might not restore all your files, or restore nothing at all, he said. "It's just not worth the risk," he said.

Instead, companies should prepare for an attack by making sure their backups are good, patching is up to date, systems are hardened and users have been trained on what to look for, he said.

Finally, before deciding to make that ransomware payment, check with your legal department.

"Organizations need to understand the implications of paying out a ransom," said Digital Shadows' Holland. "A cyber security insurance policy could be invalidated because of a ransom payment." 


Alternatives to paying the ransom

If you've been hit by ransomware, there's a problem with the backups, and you don't want to pay -- or the criminals took your money and didn't restore your data -- there may be some options.

"The first thing you should do is look at some of the tools already published," said Karagiannis. "It might be possible that you could have that removed without paying a penny."

One place to get started is No More Ransom, a site backed by security companies including Intel Security, Kaspersky, Avast, Bitdefender and Trend Micro and a number of law enforcement organizations including Europol.

The site helps victims identify the type of ransomware they've been hit with, and offers downloads of the decryption solution if one is available.


Ransomware and the Bitcoin economy

There are no exact numbers for what percentage of Bitcoin transactions are payments for ransomware.

But there are a couple of ways to get estimates.

One way is to look at the public ledgers associated with wallets connected with ransomware criminals. The Bitcoin system records every single transaction. That wallets are not identified by name makes them convenient for crooks, but they can still be tracked.

