It's OK To Pay Ransom For Data But Not For People?

The rise of ransomware is forcing us to reevaluate our approach to negotiating with criminals.

Last week, the city of Plainfield, New Jersey became the latest victim in a scheme where hackers demand payment in exchange for the release of encrypted computer files. Dubbed ransomware, this type of attack relies on unwitting computer users who download malware which then encrypts data files and holds them for ransom. In this case, the hackers wanted 500 euros for releasing the files back to the city.


“We were attacked by a ransomware virus and we responded as quickly as we were able to. We immediately informed the (Union County) Prosecutor’s Office, State Police and the Secret Service, and all of these agencies have been involved since we got this message,” city Mayor Adrian Mapp said. “The TeslaCrypt 3.0 virus was inadvertently introduced into the system by a city employee and quickly managed to infiltrate some of the city’s shared servers.”

Ransomware is on the rise. According to the Washington Post, for nine months in 2014, the FBI received 1,838 complaints about ransomware that cost victims an estimated $23.7 million. In 2015, the FBI received 2,453 complaints, costing more than $24 million. “Ransomware has been around for a long time, but we’ve never seen a concerted manual effort by hackers to break into a network, hang out for a year, spread to all the machines and then install it everywhere,” said Val Smith, chief executive of Attack Research in an interview with the Post. “This is a major shift in effort.”

These types of schemes, like most phishing attacks, work by convincing users on the target network to download a file which then encrypts the victim’s files or otherwise locks them out. Most times this happens when a user clicks a link in an email or opens an attachment. Then the malware runs rampant. Surprisingly, the ransom usually demanded by hackers is low and more victims appear willing to pay up.

Early in February, Hollywood Presbyterian Medical Center was infected with ransomware that shut down their communications. To regain control, the hospital made the decision to pay the hacker. “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” the hospital’s chief executive said. “In the best interest of restoring normal operations, we did this.”

The 434-bed hospital paid 40 bitcoins (about $17,000 at the time) to restore normal communications.

Some have argued that 2016 is the year of ransomware and that in some cases, it’s best to pay up. In fact, the FBI, while not recommending that victims pay ransom, do suggest it as an option when ransomware has infected a company network. In a statement provided to the blog naked security, the FBI says that  “the FBI doesn't make recommendations to companies; instead, the Bureau explains what the options are for businesses that are affected and how it's up to individual companies to decide for themselves the best way to proceed. That is, either revert to back up systems, contact a security professional, or pay.”

My question is why pay ransom at all? For example, if a terrorist kidnaps someone, it’s common knowledge that we wouldn’t negotiate for their return. But, when it comes to data, it’s ok? I’m not sure I buy that. It seems evident to me that paying ransom—whether it’s for the safe return of data or a person—is non-negotiable. It shouldn’t happen.

​There are two kinds of failure – but only one is honorable

Malcolm Gladwell teaches "Get over yourself and get to work" for Big Think Edge.

Big Think Edge
  • Learn to recognize failure and know the big difference between panicking and choking.
  • At Big Think Edge, Malcolm Gladwell teaches how to check your inner critic and get clear on what failure is.
  • Subscribe to Big Think Edge before we launch on March 30 to get 20% off monthly and annual memberships.
Keep reading Show less

Why are so many objects in space shaped like discs?

It's one of the most consistent patterns in the unviverse. What causes it?

Videos
  • Spinning discs are everywhere – just look at our solar system, the rings of Saturn, and all the spiral galaxies in the universe.
  • Spinning discs are the result of two things: The force of gravity and a phenomenon in physics called the conservation of angular momentum.
  • Gravity brings matter together; the closer the matter gets, the more it accelerates – much like an ice skater who spins faster and faster the closer their arms get to their body. Then, this spinning cloud collapses due to up and down and diagonal collisions that cancel each other out until the only motion they have in common is the spin – and voila: A flat disc.

This is the best (and simplest) world map of religions

Both panoramic and detailed, this infographic manages to show both the size and distribution of world religions.

(c) CLO / Carrie Osgood
Strange Maps
  • At a glance, this map shows both the size and distribution of world religions.
  • See how religions mix at both national and regional level.
  • There's one country in the Americas without a Christian majority – which?
Keep reading Show less
Photo by Alina Grubnyak on Unsplash
Mind & Brain

Do human beings have a magnetic sense? Biologists know other animals do. They think it helps creatures including bees, turtles and birds navigate through the world.

Keep reading Show less