Dealing With Ransomware Pirates

Recent studies suggest that ransomware attacks are on the rise and have devastating consequences for victims, who must carefully decide how to proceed when dealing with ransomware pirates.

Typically, ransomware pirates take control of devices or files stored on computers and ask for a ransom in exchange for their release. This type of digital extortion is not very different from the ransom demands made by pirates off the coast of Somalia, who take control of international cargo ships and ask for large ransoms, which businesses have often paid to release their cargo and employees. The difference is that ransomware pirates can execute their attacks from the comfort of their homes anywhere in the world. In case you missed it, watch Captain Phillips, the movie featuring Tom Hanks and based on a real story, to see how these highly motivated extortionists take advantage of vulnerable people and businesses to make huge sums of money in a very short period of time.

Just like the owners of the cargo ships who pay millions of dollars in ransom fees, computer and data owners have their own reasons for paying huge sums of money to get their files back before they are destroyed forever or released to the public. Business computers contain very important files, some of which may have cost a lot of money and effort to produce, and personal computers may contain password files, old pictures, personal data, and other files that we cannot afford to lose forever or have released to others. In addition, when businesses collect the personal information of their customers, they are legally responsible for protecting it. Losing customers' personal data to ransomware pirates can have devastating consequences for businesses and their customers.

Some of the malicious computer programs developed and used by modern-day computer pirates are designed to destroy files within a certain number of hours unless the pirates receive the ransom and release the encrypted files. One such program is CryptoLocker, which was used and discovered in 2013 and locks files to make them unusable. The program was distributed through fake emails that appeared to come from well-known companies. When the links or attachments are clicked, it installs itself in the Documents and Settings folder, scans the hard drive for a variety of file types such as Microsoft Word or Adobe Photoshop documents, and encrypts them. After encrypting the files, the program displays a message telling the user that they have a fixed number of hours to pay the ransom and receive a code to unlock the files before the files are destroyed or disclosed.

In the case of CryptoLocker, a computer security company determined at the time that unless the pirates released the decryption code, nothing could be done to recover the files. With the collaboration of the FBI as well as UK and EU law enforcement agencies, the criminals behind CryptoLocker were apprehended and their encryption keys were used to create a free service to release data hostages. However, crooks continue to build new ransomware programs with stronger encryption and expanded capability to attack files stored on various devices, including smartphones.

Of course, this is just one example. More sophisticated ransomware programs are developed and used because ransomware is a more valuable and convenient tool for making quick money than stealing from credit cards and bank accounts, and it lets the pirates maintain full anonymity.

Options for Dealing with Ransomware

If all ransomware prevention methods fail and you face ransom demands, there are only a few options to consider when deciding how to respond. For example, you may accept the loss if the files are not important enough to warrant a ransom payment, reset the affected devices and reinstall the files from an existing backup, or pay the extortion demand.

Other options for dealing with ransomware after the fact are to seek expert help and apprehend the computer pirates to get the decryption key by force, or to buy software to decrypt the files, which does not seem to exist. The decision to pay or not to pay the ransom is a business decision based on some facts and assumptions.

Paying the Ransom

If you face a similar problem and decide to pay the ransom, note that ransomware pirates only accept payments via Bitcoin or prepaid debit cards to escape apprehension. That said, paying the ransom does not guarantee that the files will be released intact and without public disclosure. 39 percent of ransomware victims paid the ransom demand in 2018, and that number rose to 45 percent in 2019. The upward trend seems to continue in 2020, as 58 percent of ransomware victims, from every industry, have paid a ransom. The problem with paying is that there is no guarantee the files will be released. In fact, about half of the victims who pay the ransom never recover.

Refusing to Pay the Ransom

Refusing to pay the ransom demand is a personal choice and may have some undesired consequences that ransomware victims must be aware of and consider. You might think that the computer pirates are bluffing in some cases, but how many of us are willing to gamble, especially if the ransom amount is not excessive? Although many malware programs are fake, it was determined that the CryptoLocker ransomware was real and could make the files permanently unusable. You must consider what you may lose and how important those files are, what may be disclosed to the public, what you can recover through backups, and how quickly you can be up and running.

Preventing Ransomware Attacks

While there is no prevention method with 100% effectiveness, there are certain steps that can be taken to avoid becoming a ransomware victim. Most importantly, all businesses and computer users must be educated about the existence of fake emails and malicious attachments, as well as how to detect, report and eliminate the threats posed by dangerous emails and messages. Preventing such incidents matters because, as mentioned, your options are pretty limited after the fact. Businesses will also benefit from having a computer hostage crisis policy so they can make quick decisions when facing a ransom crisis with the clock ticking.

To keep ransomware off your computers and online hostage takers at bay, it is a good practice to deploy anti-virus and keep the software updated. Being careful about what you click and install, as well as backing up data on a separate hard drive or in the cloud, could be a lifesaver when dealing with ransomware pirates.
