To pay or not to pay – the dilemma of ransomware victims

While the FBI recommends that victims pay the ransom, Kaspersky Lab won back access to the files for tens of thousands of CoinVault and Bitcryptor victims.

At the Cyber Security Summit 2015 in Boston, Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office, revealed how the bureau treats ransomware. “To be honest, we often advise people just to pay the ransom,” Joseph said.

This is a bad practice. Nobody guarantees that your files will be retrieved even if you pay. Are you ready to pay $500 to get back your son’s photos, or would you prefer to spend the money buying him something nice instead?

Paying the ransom not only sponsors nice meals for the criminals, but also helps fund their future crimes. When thieves see that malware brings profit, they are encouraged to continue deceiving people.

You can also try to get your files back for free – without paying the ransom. Security vendors upload decryption mechanisms online. While investigating cybercriminal activity, police and security experts obtain decryption keys from malicious servers and share them online. So the precious key can be found on specific websites, such as Kaspersky Lab’s No Ransom.

This autumn, a joint investigation by Kaspersky Lab and Dutch police succeeded in shutting down one ransomware ring that impacted tens of thousands of users in 100+ countries around the world.

We have obtained all the decryption keys for files infected with the CoinVault and Bitcryptor ransomware. The Dutch police even caught the suspects. In total, over 14,000 keys for CoinVault and Bitcryptor were shared on the No Ransom site so that victims can save their hard-earned money. If your files have been compromised by either of these two malicious programs, we highly recommend that you obtain the decryption keys for free on the No Ransom site and, of course, do not pay the ransom.

Cybercriminals are not a new kind of telecom operator that provides you with services for money. Sure, they can offer you a means of removing their malicious programs, but a criminal is a criminal. If you want to pay, be ready for the fact that they may not actually help bring your files back.

Kaspersky Lab will continue working with Interpol and other law enforcement agencies across the globe to help make the Internet a safer place.

Unfortunately, there is no panacea for ransomware victims yet. That’s why it’s important to prevent infections: it’s much easier than looking for a way to get encrypted files back.

A good place to start is to make backups regularly, especially for all important data: documents with your poetry, drawings, family photos and videos, files from work and so on — for important and unique things, which would be hard or impossible to recover. However, some pieces of malware can reach even backups.

The most convenient way to protect your files from ransomware Trojans is to use the System Watcher module integrated into Kaspersky Internet Security. It can keep local protected copies of important files and revert changes made by crypto malware. So if you use Kaspersky Internet Security, make sure that the module is turned on.