If You Are a Victim of Ransomware, Should You Pay?

Bob Ulrich
Posted on April 13, 2017

If you are a victim of ransomware, what should you do? Here are some choices.

1. Pay the ransom.

2. Call law enforcement.

3. Do not pay the ransom.

4. Follow 2 and 3.

There really is no right answer. The FBI strongly encourages victims to contact one of its local field offices or the U.S. Secret Service immediately so that they can provide assistance when your business is blackmailed by cyber thieves. It also does not encourage payment of the ransom.

Here are the risks you face if you pay.

* Paying the ransom does not guarantee that you will regain access to your data.

* Paying the ransom opens the door to future attacks because the attackers know you will pay.

* After paying the ransom, some victims have been asked to pay even more to get the encryption keys.

* Paying ransom supports and encourages this illegal activity.

However, what if the information being held hostage is critical to your business? In addition, how much will downtime cost you? I compare this to companies that will settle out of court even if they are not guilty. They do so when they know the cost of trying to prove their innocence, with no guarantee of that, would be much greater than settling.

It may be giving in to extortion, but it’s still a tough call.

I know of four dealers who dealt with ransomware recently. I talked to one in my “Beware of Ransomware” report in our April issue. He didn’t pay, but his new POS software system was less than two weeks old. He also didn’t call the authorities.

He was a little embarrassed. “You think you’re smart enough to run your business,” he told me.

The FBI says law enforcement “may be able to use legal authorities and tools that are unavailable to most organizations.” It can even enlist the assistance “of international law enforcement partners to locate the stolen or encrypted data or identify the perpetrator.”

If you experience a ransomware attack, I would suggest you give the FBI a call. Ransomware cost businesses at least $1 billion last year, and that doesn’t take into account unknown attacks where the business owner paid the ransom and moved on. It also doesn’t take into account downtime. $1 billion is a very conservative estimate that cybersecurity companies agree will increase dramatically in the next five years.

As for whether or not you should pay the ransom, that’s a tough call.

Comments (1)

  • Ginny | about 9 days ago

    The best practice is to have excellent network protection and to have your data backed up in several places, at least one of which is off site. That way, if you do get ransomware you can restore your data. I would never pay the ransom, as oftentimes the attackers will supply you with a fake key to retrieve your data - that is, if they provide you with anything at all.
