As ransomware attacks continue to cripple networks, most recently forcing medical centres to shut down their systems and turn away patients, the FBI has issued some unambiguous advice for organisations on how they should handle ransom demands:
Don’t pay.
The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data. In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.
In other words, the FBI says that paying up is no guarantee that hackers will unlock the encrypted data on your computer.
And that’s true. There is no guarantee. And you would have to be in a pretty desperate position to place your trust in anonymous cybercriminals who have already proven themselves to have no qualms about breaking the law and exploiting a situation for their financial advantage.