It's OK To Pay Ransom For Data But Not For People?

The rise of ransomware is forcing us to reevaluate our approach to negotiating with criminals.

Last week, the city of Plainfield, New Jersey became the latest victim in a scheme where hackers demand payment in exchange for the release of encrypted computer files. Dubbed ransomware, this type of attack relies on unwitting computer users who download malware which then encrypts data files and holds them for ransom. In this case, the hackers wanted 500 euros for releasing the files back to the city.

“We were attacked by a ransomware virus and we responded as quickly as we were able to. We immediately informed the (Union County) Prosecutor’s Office, State Police and the Secret Service, and all of these agencies have been involved since we got this message,” city Mayor Adrian Mapp said. “The TeslaCrypt 3.0 virus was inadvertently introduced into the system by a city employee and quickly managed to infiltrate some of the city’s shared servers.”

Ransomware is on the rise. According to the Washington Post, for nine months in 2014, the FBI received 1,838 complaints about ransomware that cost victims an estimated $23.7 million. In 2015, the FBI received 2,453 complaints, costing more than $24 million. “Ransomware has been around for a long time, but we’ve never seen a concerted manual effort by hackers to break into a network, hang out for a year, spread to all the machines and then install it everywhere,” said Val Smith, chief executive of Attack Research, in an interview with the Post. “This is a major shift in effort.”

These types of schemes, like most phishing attacks, work by convincing users on the target network to download a file which then encrypts the victim’s files or otherwise locks them out. Most times this happens when a user clicks a link in an email or opens an attachment. Then the malware runs rampant. Surprisingly, the ransom usually demanded by hackers is low and more victims appear willing to pay up.

Early in February, Hollywood Presbyterian Medical Center was infected with ransomware that shut down its communications. To regain control, the hospital made the decision to pay the hacker. “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” the hospital’s chief executive said. “In the best interest of restoring normal operations, we did this.”

The 434-bed hospital paid 40 bitcoins (about $17,000 at the time) to restore normal communications.

Some have argued that 2016 is the year of ransomware and that in some cases, it’s best to pay up. In fact, the FBI, while not recommending that victims pay ransom, does suggest it as an option when ransomware has infected a company network. In a statement provided to the blog Naked Security, the FBI says that “the FBI doesn't make recommendations to companies; instead, the Bureau explains what the options are for businesses that are affected and how it's up to individual companies to decide for themselves the best way to proceed. That is, either revert to back up systems, contact a security professional, or pay.”

My question is why pay ransom at all? For example, if a terrorist kidnaps someone, it’s common knowledge that we wouldn’t negotiate for their return. But, when it comes to data, it’s OK? I’m not sure I buy that. It seems evident to me that paying ransom—whether it’s for the safe return of data or a person—is non-negotiable. It shouldn’t happen.
