back to article Destroying ransomware business models is not your job, so just pay up

It's not your job to defend the world against criminals, so the decision to pay a ransomware demand is all about business. The likes of FBI Cyber Division deputy chief James C. Trainor disagree. The Bureau recently advised organisations not to pay lest they "embolden" criminals and encourage others to take start using …

  1. Paul Crawford Silver badge
    Unhappy

    Price of an education...

    ...for those without working, protected backup copies I guess.

    1. Voland's right hand Silver badge

      Re: Price of an education...

      A backup containing encrypted files is not particularly useful you know.

      You have to have layered "defence in depth" backup going back weeks if not months to deal with this. That is generally not available for an end-user PC in _ANY_ company. It is done only for servers.

      1. Roo
        Windows

        Re: Price of an education...

        "A backup containing encrypted files is not particularly useful you know."

        Sure, but an earlier backup where the file isn't corrupted is still useful.

        1. Halfmad

          Re: Price of an education...

          More reliable and in the case of the ICO they wouldn't have a problem with accepting some data loss in order to ensure the data you do hold is accurate.

          By all means archive off the encrypted stuff to try to decrypt it later once the malware has been cracked.

        2. Flocke Kroes Silver badge

          Re: Backing up encrypted files

          A backup is not a backup until you have tested a restore.

          1. BebopWeBop
            Facepalm

            Re: Backing up encrypted files

            Too true, and it is remarkable how many people only find that out when they want to do one. Not just friend and family, but 'professional' organisations as well.

            1. nerdbert
              IT Angle

              Re: Backing up encrypted files

              And how much do you trust that you won't get hit again with ransomware? Any time I run across a PC with a nasty it I assume that no matter what I do there's a chance some back door or other nasty will be left on the machine and I wind up wiping it anyway. Yes, it may take a while to get the data back, and yes, the luser will be stuck reinstalling all their programs, but if I reimage the system at least I don't have to worry about missing a back doors. And I keep months of images around, so an unencrypted version of the data should be available.

              1. Helldesk Dogsbody
                Mushroom

                Re: Backing up encrypted files

                @nerdbert: Nuke and pave. Format, scram disk, reinstall.

                If you're especially paranoid put in a fresh HDD/SSD, take the old one out and put a 1/4" drill bit through it a few times, douse it in petrol and set light to it, once out and cool beat repeatedly with a hammer then encase the remains in concrete and bury in an old mine shaft.

                You could always run it through a degausser instead but it's not nearly as much fun...

                1. Ralph 4

                  Re: Backing up encrypted files

                  Don't forget to dynamite the entrance to the mine and put up a few biohazard and nuclear waste signs.

          2. Jay 2
            Thumb Up

            Re: Backing up encrypted files

            Preach! Can't give you enough upvotes for that one.

            My own personal variant being along the the lines of having a backup strategy is fine, but what about the restore strategy...?

      2. Halfmad

        Re: Price of an education...

        Absolute nonsense, if my documents, desktop are redirected on desktop PCs, laptops have their documents sync'd then the server backup will capture user data too. Server backups in every place I've worked are done daily, sometimes hourly with every two weeks or monthly backup run off on tape and stored in fire safe. I was doing this in the 90s for a small company of 5 people, our CAD drawings were our business.

        It's not a case of it can't be done, if you run a business which relies upon accurate data which you can restore upon equipment failure or malware then it's simply common sense and surprisingly cheap to do. Hell at home I use Crashplan, google drive etc to ensure I have multiple copies going back YEARS.

        Yes it's best to prevent infection but any competent professional will plan for when they can't.

        1. Terry 6 Silver badge

          Re: Price of an education...

          Not even just the pros. That folder of family photos needs to be kept backed up, safe.

          Yet we still hear of distraught people who have lost all their precious piccies because they lost their mobile phone, let alone a HDD. This is 2016 and too many of us, individuals and businesses, still trust to luck that our data will still be available where we left it.

      3. Roo
        Windows

        Re: Price of an education...

        "You have to have layered "defence in depth" backup going back weeks if not months to deal with this. That is generally not available for an end-user PC in _ANY_ company. It is done only for servers."

        I don't recall seeing that bit in your original post...

        OS vendors could nip a lot of this in the bud and avoid having to educate people about backups by shipping their OSes with a default filesystem that supports snapshots. This isn't bleeding edge technology anymore, it has been around for several decades.

        1. Ben Liddicott

          Re: Price of an education...

          Snapshots - a feature provided out of the box on Windows Vista and beyond - can be programmatically deleted, because the ability to delete data is a fundamental security requirement.

        2. Anonymous Coward
          Anonymous Coward

          Re: Price of an education...

          You mean like OS X and Time Machine? The feature that has been baked into the OS since October 2007.

          Oh, I forgot, Register types only consider windows and linux to be acceptable "grown up" OSes, and so they are crying over their overwritten backups as we speak.

          1. John F***ing Stepp

            Re: Price of an education...

            Just wondering, are you trying for down votes?

            Because that type of comment probably gets down voted by Apple users as well.

      4. Alan Brown Silver badge

        Re: Price of an education...

        "A backup containing encrypted files is not particularly useful you know."

        Nor is one where the backups are gibberish.

        This is why backups MUST be tested periodically.

  2. Anonymous Coward
    Anonymous Coward

    Just as well this is only for people...

    Your child has been kidnapped? Listen, it's not YOUR job to break their business model, so pony up the 10 million... hopefully you'll get your kid back in one piece... if not, just "format" and "start again"...

    1. Adam 52 Silver badge

      Re: Just as well this is only for people...

      The combination of military force and a refusal of insurance companies to pay out has pretty much eliminated Somali piracy.

      (with apologies to the historic victims who are still being held)

      1. herman

        Re: Just as well this is only for people...

        No, the Somali pirates were eliminated by private security companies who simply shoot and sink any small boats that come close to the big ones - a.k.a. Shoot, Sink and Shut-up.

    2. Anonymous Coward
      Anonymous Coward

      Re: Just as well this is only for people...

      In Italy, to put a stop to kidnappings (very frequent in the '70s-'80s - remember John Paul Getty III?), a law was passed to hinder families to pay ransoms. a very hard strategy, true, but it paid off. There are no more kidnappings. Being the State itself hindering payments (up to blocking money), that made threats to families useless.

      (The the State itself pays of terrorists hostages abroad for electoral reasons - and the result is they are a valuable pray for those looking for cash)

      It is true that kidnappers will not most of the times risk a homicide if they can't get a ransom (if they are "professional", to avoid an harsher incrimination) , while ransomware criminals have no reason to give back your data if they can't get money.

    3. Warm Braw

      Re: Just as well this is only for people...

      To be fair, there is an economic argument for paying a ransom to get your data back.The moral argument is secondary.

      There's no economic argument for paying a kidnapper's ransom: even if you don't want the minor inconvenience of having to recreate your genetic progeny there are plenty of second-hand kids available and you may even be paid to take them. There may be a moral argument - guess it depends on the child...

    4. Anonymous Coward
      Anonymous Coward

      Re: Just as well this is only for people...

      How about format that child and DON'T start again.

  3. Anonymous Coward
    Anonymous Coward

    > nor the family tech geek responsible for storing that sad lone copy of family photos

    You may as well treat a ransomware infection as if it were a catastrophic hard drive failure. You have a 2-3% probability per year of that happening in the early life of the hard drive anyway. If you're not prepared for such a failure, well, clearly you were happy to accept the consequences.

    1. Adam 1

      in a way, but

      ... Ransomware can also permeate into backup media. Some of these things sit there for weeks or months silently encrypting and decrypting on the fly. This may be enough on some cases for all backups to be equally rooted.

      1. Frumious Bandersnatch

        Re: in a way, but

        Ransomware can also permeate into backup media

        True, but keeping an eye on the backup process can help detect large deltas.

        The way I do backups has been the same for many years:

        • Use Linux and ext* file system
        • increments start by making a hard-linked (cp -l) copy of previous snapshot
        • Use rsync or similar tool that only overwrites/transfers changed files
        • Similar arrangement for 2nd, 3rd generation backups

        If something were to start encrypting files en masse, I would see it pretty soon, either in the rsync summary (being longer/larger than usual) or in the size of the increment as stored on the disk---after the backup, I calculate the delta size by counting files that only have a single hard link; these must be the changed files. Because hard-linking takes up relatively little space, I maintain these "snapshots" going back for quite a long time and only delete them manually, so that gives me a second chance to notice any damage and to roll back when it does happen.

        I also use a hand-rolled file integrity system based on the same idea as the "shatag" tool. I will periodically update SHA256 hashes for all files and store them in the file system as extended attributes. I also collate these hashes across all machines and use the metadata to enforce a replication policy across multiple machines (or at least to verify that it's working). I've also got a separate scheme (using erasure codes to give a high level of redundancy with modest overheads) for cold/archival data.

        One other thing I've toyed with is using the LVM snapshot facility. It could replace the hard-linking scheme I use to some degree. In this case, larger-than-expected deltas would overflow the copy-on-write buffer, alerting me to something strange/unusual via a message about a failed backup. I prefer the hard-linking scheme, though, since it's more permanent and gives better historical integrity. LVM's snapshot facility is perfect for backing up volumes with databases on them, though, since you get an atomic backup without needing to lock the database first.

        1. Adam 1

          Re: in a way, but

          Your process is admirable, but not in the realm of technical capability of Aunt Kath. Remember the comment thread you are replying to basically says that about 3% of disks will fail without any malicious ransomware, so it is hard to have sympathy for those without backups. That's why I think of who the victims are. The average El Reg commentard is too super DevOps skilled to fall for the phishing schemes that deploy this ransomware. But our Aunt Kath will go right ahead. So the people most at risk of infection would have no clue what rsync or hard links mean and the concept of incremental backups isn't even on their radar.

          1. Anonymous Coward
            Anonymous Coward

            Re: in a way, but

            There is so much CRAP backup software out there, that Aunt Kath will be very lucky to avoid paying.

            Lets assume that she uses windows. Virtually none offer a bare metal system backup. So we also assume she is backing up only her treasured photos.

            Most simply synchronize a copy of whatever is current in the cloud, there are not a lot that provide previous versions, if they are indeed actually working ( not at all helpful cause the photos are now encrypted! )

            So even if Aunt Kath tried to do the right thing, the market will mean that she has probably failed.

  4. Seajay#

    It is our job to uphold the law

    The law and the police aren't something outside of society (or at least they shouldn't be). They are just some specialists that we as a country are employing to help us in achieving our ideal of how society should work. The job of creating that society in the image that we want is ours.

    You wouldn't, I hope, ignore a shoplifter or walk past some teenagers mugging an old lady. How is this different?

    1. Ben Liddicott

      Re: It is our job to uphold the law

      I've upvoted you for the sentiment, but you asked "how is this different"?

      If I saw someone breaking into a car and stealing a hard-drive or a camera, I wouldn't ignore that, of course. As you say it is our duty to intervene.

      But if someone stole a hard-drive containing my family photographs, or the only copy of (encrypted) customer data, or unencrypted sensitive information, or a camera whose card contains the only copy of someone's wedding photographs, I would pay the thief to get it back.

      What's the difference? One is a crime in progress, the other is mitigating the damage from a crime which has already occurred. They are different.

      1. Seajay#

        Re: It is our job to uphold the law

        You're right it is different and I've probably been a bit lazy with my analogy. But there are two crimes; one is encrypting your hard drive and the other is extortion. The latter is still in progress at the point you're deciding to pay the ransom.

        Fun fact. If you suspect that the ransomware group may be funding terrorists and you pay them anyway then you are a criminal too.

        https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/382438/CTS_Bill_-_Factsheet_9_-_Kidnap_and_Ransom.pdf

        1. Ben Liddicott

          Re: It is our job to uphold the law

          If I'm mugged at gunpoint, that's a crime in progress, but I'll be handing over my wallet all the same. If a child is kidnapped in practice you find that often people do what the criminals want first, then go to the police only afterwards.

          Comparing on the one hand, paying an extortionist to retrieve irreplaceable property, and on the other, being too idle to shout "Oi!" at a casual thief, is just silly. They are different.

        2. Vic

          Re: It is our job to uphold the law

          If you suspect that the ransomware group may be funding terrorists and you pay them anyway then you are a criminal too.

          ...then you might be suspected of being a criminal too.

          For you to become a crimnal would require a jury to find you guilty.

          Vic.

          1. Seajay#

            Re: It is our job to uphold the law

            For you to become a crimnal would require a jury to find you guilty.

            I would say that if you commit a crime, you're a criminal. If you haven't been found guilty then (quite rightly) the criminal justice system will treat you as innocent, no newspaper would be allowed to call you a criminal, etc, etc. But without wanting to get in to too much of a philosophical discussion of Objectivism, there is such a thing as reality. It may be the case that what matters for the question of whether you should be treated as a criminal is whether you have been found guilty. But for the question of whether you are a criminal, all that matters is whether you committed the crime.

      2. Just Enough

        Re: It is our job to uphold the law

        "What's the difference? One is a crime in progress, the other is mitigating the damage from a crime which has already occurred. They are different."

        No. The second is actually adding another crime to one that has already occurred. First you have the crime of theft, and then you have the crime of extortion that is still underway at the point you hand the money over. So they are both ongoing, and not as different as you suggest.

      3. Anonymous Coward
        Facepalm

        Re: It is our job to uphold the law

        Why pay the person holding your belongings to ransom?

        Why trust them twice over? The first time with what they now have, the second time with what you are now giving them?

        If you start paying shoplifters to take items from your store and return them... is it not a rod for your own back?

  5. Anonymous Coward
    Anonymous Coward

    Dont be so harsh

    Most of the victims are not IT savvy, you cant blame people for that.

    The ransomeware plauge has made me change my back up plans, especially as malware now deals with networked drives etc.

    So i now have 3 back ups, the cost of a 3tb drive is small enough to justify the cost and my songs, pics and docs which i have collected since i was using my Amiga are more precious to me than a 90 quid hard drive.

    People need educating, not berating for not being IT savvy. Remember, some of these non IT people are surgeons, solicitors, scientists. Not understanding malware does not automatically mean they are not intelligent.

    1. Paul Crawford Silver badge
      Unhappy

      Re: Dont be so harsh

      Sadly most people, including some IT-literate sorts, simply have no plan for data loss. It could be a HDD failure, some "gross administrative error" formatting something, a laptop being stolen, or a cryptolocker attack. Sooner or later it happens (couple of % per year for HDD, no idea how common cryptolocker is in comparison) and only then do most folk do anything about it.

      When its too late.

    2. goldcd

      Relying on something you don't understand

      is stupid.

      I own a circular saw I bought for one job. I pretty much could guess how it worked, but after revving it up and realizing I could take my leg off with this thing, I did half an hour of safety research before embarking on the single 15 second job it ever did.

      Problem is that computers are sold as "being easy" with vendors of all ilk going out of their way to tell you all the wonderful things you can do (/expose/lose if it goes wrong).

      If somebody breaks into your house and steals your TV (does anybody do this any more..anyway..) - The police would be expected to come round, dust for prints, and make a vague attempt to recover your TV.

      Can you imagine walking into your Police station with an encrypted laptop and asking them for help?

      1. Anonymous Coward
        Anonymous Coward

        Re: walking into your Police station with an encrypted laptop

        Is that safe? What if they thought you seemed a bit suspicious and so demanded you supply the decryption keys for your laptop under RIP?

      2. Seajay#
        Holmes

        Re: Relying on something you don't understand

        I think you may be disappointed with the actual response you get from the police if someone steals your TV. It pretty much amounts to "Have they? Oh dear. Here's a crime number for your insurer."

      3. shin

        Re: Relying on something you don't understand

        Exactly. 2016. IT knowledge is necessary to live in today's society. LEARN IT! (Unless you'd rather go farm for a living, that's cool then.)

    3. Anonymous Coward
      Anonymous Coward

      Re: Dont be so harsh

      No, they need berating and shaming for being too LAZY to learn even the BASICS of IT. It's 2016 - time to stop catering to the intellectually lazy.

      If someone refused to learn anything else needed to live in today's world, people would call them crazy, etc. But if it's tech related--in today's COMPLETELY tech dependent world--OH NO, it's okay if you're intellectually lazy... someone will wipe your arse for you every time.

      Time for people to either put out the effort to learn technology, or STOP using it (and screwing it up for the rest of us) entirely!

  6. Adam 52 Silver badge

    How sad. You complain about ransomware and then recommend that people finance the criminals' business model.

    We need herd immunity, otherwise these scams will become (even) more sophisticated and more frequent.

  7. Halfmad

    It's not three choices for most businesses, only those run by idiots.

    Paying up means potentially getting items decrypted, it can also mean getting nothing back or getting partial data back - which is arguably far worse than accepting some data loss and restoring from a known good backup source.

    1. toughluck

      Re: It's not three choices for most businesses, only those run by idiots.

      And nobody ever considers data theft and tampering. So you get "your" "data" back, but never consider if the crooks tampered with your payroll records and updated the bank account numbers with their own? Come payday, you pay them a second time.

      What if the highly confidential documents you had were stolen? You wouldn't want your competition to go over them, would you? So you pay them again. Do you trust them enough that they never showed the documents to anyone?

      1. dajames

        Re: It's not three choices for most businesses, only those run by idiots.

        What if the highly confidential documents you had were stolen? You wouldn't want your competition to go over them, would you? So you pay them again. Do you trust them enough that they never showed the documents to anyone?

        The malware artists won't have taken your documents away -- just encrypted them in situ so that you can't access them. What you get (of you're lucky) when you pay the "ransom" is not a clear copy of the documents, it's a key you can use to decrypt the copies that are still on your PC.

        Methinks a hacker who wanted to alter your payroll data or steal your documents for blackmail purposes wouldn't draw attention to his visit by leaving ransomware as a calling card.

        1. Alan Brown Silver badge

          Re: It's not three choices for most businesses, only those run by idiots.

          "The malware artists won't have taken your documents away"

          The bandwidth of a copy is trivial. How do you know they haven't?

  8. Doctor Syntax Silver badge

    "To this end the FBI and others would be better saving their breath and offering advice about how victims can identify and then decrypt their ransomware infections, rather than delivering sermons from an ivory tower"

    However although "breaking criminal business models is not, however, the job of the system administrator" it is the FBI's job so the best thing they could do is get on with it.

  9. Ian K
    Stop

    Expectation?

    "There is considerable risk here and all payments should be made with the expectation that crims will take the money and run."

    Surely if the expectation is the scammers will take the money and run you shouldn't pay?

    If you don't think you'll get the data back in any event then write it off as lost, and don't give your money away for no benefit.

  10. Tom 38

    Vikings, eh

    And that is called paying the Dane-geld;

    But we've proved it again and again,

    That if once you have paid him the Dane-geld

    You never get rid of the Dane.

  11. toughluck

    What happens if plods capture the perp before you pay?

    Suppose your PC got infected with ransomware and you got the message, etc., but police managed to capture the criminal behind the ransom, but you didn't pay up yet? Do you have any chance to get your files back, or are they completely lost?

    1. The Masonator

      Re: What happens if plods capture the perp before you pay?

      This is a good and perfectly reasonable comment, and I cannot think why it was down voted.

    2. Anonymous Coward
      Anonymous Coward

      Re: What happens if plods capture the perp before you pay?

      It depends on whether you find out about it in time, and whether the ransom-bound keys are recovered by law enforcement, and whether they actually work to find who needs them, and whether they deliver. At least you can prove that a key is right whereas if you paid them, good luck proving any of their money came from you...

  12. Just Enough
    Facepalm

    patently false

    "The cops are the only ones who really care if the criminals are caught,"

    This is a patently false statement and equally exasperating and depressing that it's even being said.

  13. Anonymous Coward
    Anonymous Coward

    I can understand that law enforcement doesn't want ransomware "to pay"

    But the fact is that in business, the cost of paying is lower than losing data or being unproductive for days or weeks. So I guess:

    A) Backups! Keep them on stored media if possible? (You might unintentionally back up the ransomware if you back everything up to a storage device)

    B) Harangue users about opening attachments and going to links from unknown sources.

    C) Like walking outside in winter, lots of layers are best, except in this case we're talking security.

    D) I suppose that air gapping would help, if you have some systems or networks where it is practical to do that.

  14. Aodhhan

    The FBI Does NOT Recommend Paying Up

    Mr. Pauli,

    Once again you bunk up an article because you didn't read your source correctly. This, or your just remarkably stupid. This is what the FBI's website states:

    The FBI doesn’t support paying a ransom in response to a ransomware attack. Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity.

    Just another left wing idiot who repeats what others tell him, instead of doing research himself and using his own brain to critically come to a conclusion.

    So, reread the FBI's web page. The information provided is sound.

    1. David Nash Silver badge

      Re: The FBI Does NOT Recommend Paying Up

      @Aodhhan

      The article did NOT say that the FBI recommends paying up.

      In fact I believe it was the author saying that paying up was reasonable under many circumstances, despite what the FBI said.

      To quote:

      The Bureau recently advised organisations not to pay lest they "embolden" criminals and encourage others to take start using ransomware.

      Trainor added that "by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

    2. JLV

      Re: The FBI Does NOT Recommend Paying Up

      -1 for left-wing idiot (center-right myself, not a lefty). No need for political insults, is there? Was there anything political in the article?

      2nd, you mistakenly conflate your expertise (which I accept at face value) in issues involving high-profile, high-value targets, such as DoD and banks with its applicability in this case.

      The situation is very different. In one case, the organization presumably has high value, sensitive information. And, one would hope, actual restorable backups somewhere. Along with a staff and consultants to deal with the damage. The perps are doing this on a low volume basis, so they may as well extract as much from one victim as they can, no reputation to manage.

      On the other side is Joe Shmoe, homeowner. No significant value data, outside of confidential info whose confidentiality is fried either way, whether you pay up or not. No staff. Possibly no backup. Data which is many case is just going to be photo/video in nature.

      The perps' best interest could be to "appear honest" and actually restore the data, since they cast a wide net and hit many victims.

      i.e. you are in the right in your sphere of work. But it does not automatically transfer to the modern ransomware phenomena which seems to scale best with automation, many victims and minimal subsequent manual exploitation by the initial perps (though I wouldn't be surprised at selling off the data to other crims for future exploitation). Time will tell.

      This article is food for thought. I don't agree with it entirely and I think planning and backups are the better plan. But I agree even less with your glib over-generalizations and dismissive disdain of those who don't have your expertise.

  15. Aodhhan

    Mr. Pauli's Informed Opinion

    What a gaffing laugh this is. Perhaps Mr. Pauli won't mind reimbursing a victim then... when they take his advice, pay up, but don't receive a key to unlock their data. Or the data has been screwed with.

    I've been in InfoSec for a long time. Working for both the Department of Defense and banking industry. I know many of my peers, and I can't think of one person who in general and as a rule recommend paying the ransom. There may be a few exceptions where the risk is acceptable, but for the most part... it isn't.

    The big factor your informed opinion lacks is: loss of control over the data. In short, your data is no longer trustworthy. You don't know what changes have been made to it. What code has been added to it, etc. You may get your data back, but it may come with some extra bits you don't want. You're basically paying for f-up'd data which could cost you a lot more later on.

    It's apparent you and your other 'informed' friends aren't very experienced with ransomware, outside what you hear from other people with opinions but little experience.

    1. Anonymous Coward
      Anonymous Coward

      Re: Mr. Pauli's Informed Opinion

      I suppose there are instances where some data is obvious if tampered with, photos and video. But you'd have to strip it of everything except the raw images to be safe after the fact.

      Oh, and I'd only attempt the physiological payment, not the economic one with these guys. Though just spending time on the effort might be enough of a waste.

    2. melts

      Re: Mr. Pauli's Informed Opinion

      maybe blinkered by your own experience you assume there is a big factor; the loss of control of data

      however for the high volume low value cryptolocker business they don't have the time to try and process your data and do something with it. it would be possible (but no cases confirmed yet) that they would locate files of value based on location or extension, like data from accounting software, and transfer that out while encrypting your data. but the scheme here isn't to steal data, something that would be best done with a rootkit botnet tool, but to encrypt the files and ask for payment.

      and if the web is full of reports of the decryption failing / data being tampered when paid then they would see a decrease in payments, as the author noted. Ransomware hasn't shown signs of data siphoning.

      i think rather, when thinking about data theft and modification you should be worried about the silent rootkit-botnet that you've had installed for months, which once it has collected your important data then deploys some ransomware to encrypt your photos and what not to squeeze the last cash out of you.

      i don't advocate paying ransomware, instead i advocate multiple high quality backups. I'm yet to find the perfect solution for the home user, but third party software backing up to an infrequently connected usb drive usually stored elsewhere generally ticks the boxes, as long as you can afford to lose the data between connections and backups.

      that said, most home users I come across don't have any backup, so paying to have a harddrive recovered or a ransom, it's all they can do it get it back.

  16. JLV

    Prisoners' Dilemma:

    if no one paid, there would be no ransomware

    if you pay you (may) get your data back

    1. Anonymous Coward
      Anonymous Coward

      Re: Prisoners' Dilemma:

      I'd even go so far as adding that this contains an element of "the tragedy of the commons" in that the criminals are fouling the common internet.

  17. ecofeco Silver badge
    Facepalm

    Wait. Embolden?

    Embolden? This guys is a fucking moron so no surprise at his statements.

    He needs to embiggen his educationing.

    1. Vic

      Re: Wait. Embolden?

      Embolden? This guys is a fucking moron so no surprise at his statements.

      It seems that "being a fucking moron" is on the job description for FBI mouthpieces at present...

      He needs to embiggen his educationing.

      As do we all. But in this case, his use of the word "embolden" is correct.

      Vic.

  18. AlexV
    Mushroom

    Sorry, but your computer is toast

    Yes, paying ransomware is bad for society in general, and you might not even get your data back, but ignoring all of that there's still the fact that your computer has been compromised by bad guys. If you pay them, it's been compromised by bad guys who know you have the means and willingness to give them money.

    That is not your computer any more. Whether you get the data back from it or not, you can't trust anything on it.

    Time to wipe down to bare metal. If you have the skills, you could try and first determine how it was compromised to avoid future repeats, but the thing's good for nothing else before it's been cleansed with fire.

  19. RudderLessIT
    Alert

    Speaking from experience

    We recently experienced Cryptolocker and whilst we recovered pretty well, it was not a pleasant experience.

    There were three features that kept us from the front pages:

    1. The virus didn't replicate itself (apparently some now do)

    2. We have four hourly backups to a cloud provider

    3. This one will draw some heat from the many anti-microsoft readers (if they scroll this far down): We change the location of My Documents from their local drive, to OneDrive for Business. OneDrive (and SharePoint) comes with version control, so should one version be encrypted, simply restore the previous.

    There was no f(*&ing way, I was going to pay these bastards.

    So no matter what systems or tools you use, your objective should include finding a way to NOT store data, only on a device.

    I hope this helps.

    1. Anonymous South African Coward Bronze badge

      Re: Speaking from experience

      'strue, it is NOT a pleasant experience. Had the same thing myself.

      It is cheaper buying backup devices than paying the bastards their ransom...

  20. dajames

    Just don't pay ...

    Making random payments to unidentified bad guys in the hope that the data fairy will grace you with a visit sounds like hopeless optimism, to me.

    ... but if the purpose of the ransomware is to extort money to fund a terrorist organization it may (depending on where you live/work) be a crime to pay to the ransom. Even where it is not directly a criminal offence any victim who decides to decides to pay is likely to attract uncomfortable scrutiny from the security forces.

  21. Colin Tree

    money trail

    Pay the ransom, follow the money trail, catch the crooks.

    Isn't that a modern policing method ?

    S'pose it depends how much wasn't backed up, whether you can rebuild your data, and the value.

    simple maths

  22. Anonymous South African Coward Bronze badge

    ...makes the Stoned virus looks tame...

  23. HamsterWrath

    Yet Another Reason to use LINUX. You can keep your ransomware, I have work todo.

  24. jimmyo

    FBI could make plenty of fake trails on forums etc about these 'professional' ransom attacks, falsely claiming that keys were not forthcoming after payment was made. That's one way to discourage payment -- users will google the message and draw the conclusion that it's not worth paying. Not a completely legit strategy but not as bad as most of the stuff they get up to.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like