Never Pay the Ransom – Good Advice?

Virus Bulletin doesn’t think so, according to the article Paying a malware ransom is bad, but telling people to never do it is unhelpful advice.

While the article certainly isn’t encouraging victims to pay up in general, and acknowledges that if (almost) all victims declined to pay up the criminals would be discouraged, it points out that:

sometimes, none of this helps and the only sensible business decision left is to pay the criminals, much as it is bad and much as there is never a 100% guarantee that this will work.

And I have to agree with that. As previously observed on this site:

Security bloggers almost invariably advise you not to pay the ransom. Easy to say, when it’s not your own data that’s at stake…

On the other hand:

…an ounce of prevention (and backup) is worth a ton of Bitcoins, and doesn’t encourage the criminals to keep working on their unpleasant technologies and approaches to social engineering.

Still, I agree that it doesn’t help to censure people or organizations who choose to pay up when there is no other option for (hopefully) retrieving their data.

David Harley

Leave a Reply