Hello and welcome! Yes, you’re quite right – it is kind of a long title but, since May 2017’s WannaCry (Wanna Decryptor, .wncry) ransomware attack infected 200,000 computers worldwide, including the UK’s National Health Service and the Russian Interior Ministry, there’s a lot to think about.
To pay or not to pay, that is the question…
The dilemma of whether “to pay or not to pay” ransomware hackers has become the network security industry geek’s most polarizing question since “backup or archive” or the ending of Lost!
Picture the scene… It’s Friday, you sit at your PC, bleary-eyed the morning after the night before: too many Budweisers or Pinot Grigios and all-you-can-eat buffalo wings from Big Wang’s Fun Sports Bar. You fire up your machine, open Outlook, read a frankly bizarre e-mail from Gary – one of the other parents from Little League – but stop short of double-clicking the attachment.
Well done! Despite your fuzzy head, you just stopped a malware attack. You are Jack Bauer defusing a bomb with two seconds to spare. Go, you!
Only, you would have, if ransomware wasn’t getting sneakier by the day… WannaCry (WannaCrypt, WCrypt, Wanacrypt0r, Wanna Decryptor, .wncry) encrypted more than 200,000 computers in more than 150 countries.
This isn’t 2015. Nor is it CryptoWall. Outbreaks like WannaCry no longer need you to open nefarious phishing attachments, because someone else on your network can do that for you!
Just four employees most likely brought down Britain’s NHS, the Russian Interior Ministry, Spain’s Telefónica and Germany’s Deutsche Bahn railway network as their vulnerable public-facing SMB ports were hunted down by the (alleged) NSA-leaked EternalBlue and DoublePulsar exploits.
Think of it like this – the worm and malware combo patrols the Internet like Somali pirates patrol the high seas, on the look-out for the most vulnerable Captain Phillips-piloted ships. They hijack the easiest-to-board ship and turn the crew into more pirates to spread the outbreak to every other ship around the Horn of Africa. The result is brutal. Your life flashes before your eyes and you begin sobbing uncontrollably, like Tom Hanks in every movie he’s ever been in, because every single file on your machine is encrypted. You’re unemployable because you can’t do any work, and your partner’s about to divorce you because you lost your wedding video and every photograph of your children since they were born.
Every vacation video – gone.
Your music – gone.
Your movies – gone.
The screenplay you’ve been slaving over for twelve years – gone. All replaced by one devilish, flashing popup window saying: “Your files are encrypted. To unlock, pay $300 within 72 hours.”
The Ronald Reagan part of your brain insists you will never give in to what is essentially a cyber-terrorism protection racket. Your heart says pay up and you can get on with your life… It’s a hard enough dilemma even if you could be sure you’d get your files back, but there’s no guarantee you will, even if you pay.
Not to mention the fact that you’d be funding criminals and making them more likely to attack others… plus, who knows where that money could end up? You could, honest-to-God, actually be funding terrorism.
Even with that in mind, according to a recent Carbon Black survey, a surprisingly high 52% of consumers said they would pay a ransom of up to $500 to unlock their files. Should I pay ransomware? What do the experts advise? Well, non-industry people are citing a quote saying even the FBI advises giving in to blackmail and paying up. In fairness, the quote, which says “The ransomware is that good… to be honest, we often advise people just to pay the ransom.”, is not The Bureau’s official line and came from one agent at the Cyber and Counterintelligence Program’s Boston office. It also seems to have been taken out of context, but it doesn’t exactly make your decision any easier, does it?
A quick trawl of the Internet suggests most experts categorically state NO, DON’T PAY, but then (such is the “pay up or walk away” nature of the beast) add a caveat that you should pay up only as a last resort.
The depressing fact of the matter is there is no real answer. It really is up to you to decide. Perhaps more worrying is the news that ransomware attacks are on the increase. Deloitte estimates an increase from 1,000 a day in 2015 to 4,000 a day in 2016, and you can expect those figures to rise exponentially. In the twelve months before WannaCry, Australian organisations had experienced at least one ransomware incident. 57% paid the ransom, but almost one-third of those that paid did not recover their files.
Prevention rather than reaction…
The best advice is to not leave yourself open to attack in the first place: make sure you have a kick-ass cybersecurity program with real-time protection and back up regularly, if not daily.
A cynic might say that Microsoft should not release products with weaknesses, while heroes and traitors (depending on which way you swing) would say:
Microsoft had released a software update which would have protected many from WannaCry, but millions of customers had simply not installed the patch, so pay attention to those annoying security update windows…
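If you want to stop nagging yourself and let the machine do the nagging, the advice above boils down to three things you can check in a few lines. Here is an added PowerShell example (mine, not from the original post and not a Microsoft tool) that checks whether a given Windows update is installed, whether the host firewall has an enabled rule blocking inbound SMB (TCP 445), the port the worm hunted for, and whether your backup folder has been written to in the last day. The KB number, the backup path and the one-day threshold are placeholders you must set for your own environment; run it in an elevated PowerShell on Windows 8/Server 2012 or later, where the NetSecurity cmdlets exist.

```powershell
# Added example: an "am I exposed?" self-check for one Windows machine.
# Not from the original post or from Microsoft. Run in an elevated PowerShell.
# PLACEHOLDERS you must set yourself before running:
$RequiredUpdate = 'KB0000000'          # the Microsoft update that closes the SMB hole (placeholder KB id)
$BackupPath     = 'D:\Backups'          # wherever your backups land (assumed path)
$MaxBackupAge   = New-TimeSpan -Days 1  # "daily" backups means nothing older than this

$problems = @()

# 1. Is the patch installed? Get-HotFix writes a non-terminating error when the KB is absent,
#    so silence it and test for an empty result instead.
$hotfix = Get-HotFix -Id $RequiredUpdate -ErrorAction SilentlyContinue
if (-not $hotfix) {
    $problems += "Update $RequiredUpdate is NOT installed - run Windows Update."
}

# 2. Does an enabled inbound Block rule cover TCP 445 (SMB)?
#    A worm that hunts public-facing SMB ports cannot reach a port the host firewall drops.
#    LocalPort can be a single string, an array of strings, or 'Any'; -contains handles all three.
$smbBlocked = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -contains '445' -or $_.LocalPort -contains 'Any') }
if (-not $smbBlocked) {
    $problems += 'No enabled firewall rule blocks inbound TCP 445 (SMB).'
}

# 3. Is the newest backup fresh? Encrypted files are a nuisance, not a catastrophe, if yesterday's copy exists.
if (Test-Path $BackupPath) {
    $newest = Get-ChildItem -Path $BackupPath -Recurse -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
    if (-not $newest) {
        $problems += "Backup folder $BackupPath is empty."
    } elseif (((Get-Date) - $newest.LastWriteTime) -gt $MaxBackupAge) {
        $problems += "Newest backup is from $($newest.LastWriteTime) - older than $($MaxBackupAge.TotalDays) day(s)."
    }
} else {
    $problems += "Backup folder $BackupPath does not exist."
}

# Report: green means patched, SMB blocked inbound and a fresh backup; anything else lists what to fix.
if ($problems.Count -eq 0) {
    Write-Host 'All three checks passed: patched, inbound SMB blocked, backup is fresh.' -ForegroundColor Green
} else {
    Write-Host "$($problems.Count) problem(s) found:" -ForegroundColor Red
    $problems | ForEach-Object { Write-Host " - $_" }
    exit 1
}
```

The firewall check is deliberately strict: a file server that must accept SMB from the LAN will fail it, and that is the point, since such a machine needs the patch and a scoped rule rather than a blanket block. The script exits non-zero when anything is wrong, so it can sit in a scheduled task and fail loudly instead of being dismissed like the update window.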