It's OK To Pay Ransom For Data But Not For People?

The rise of ransomware is forcing us to reevaluate our approach to negotiating with criminals.

Last week, the city of Plainfield, New Jersey became the latest victim in a scheme where hackers demand payment in exchange for the release of encrypted computer files. Dubbed ransomware, this type of attack relies on unwitting computer users who download malware which then encrypts data files and holds them for ransom. In this case, the hackers wanted 500 euros for releasing the files back to the city.

“We were attacked by a ransomware virus and we responded as quickly as we were able to. We immediately informed the (Union County) Prosecutor’s Office, State Police and the Secret Service, and all of these agencies have been involved since we got this message,” city Mayor Adrian Mapp said. “The TeslaCrypt 3.0 virus was inadvertently introduced into the system by a city employee and quickly managed to infiltrate some of the city’s shared servers.”

Ransomware is on the rise. According to the Washington Post, for nine months in 2014, the FBI received 1,838 complaints about ransomware that cost victims an estimated $23.7 million. In 2015, the FBI received 2,453 complaints, costing more than $24 million. “Ransomware has been around for a long time, but we’ve never seen a concerted manual effort by hackers to break into a network, hang out for a year, spread to all the machines and then install it everywhere,” said Val Smith, chief executive of Attack Research in an interview with the Post. “This is a major shift in effort.”

These types of schemes, like most phishing attacks, work by convincing users on the target network to download a file which then encrypts the victim’s files or otherwise locks them out. Most times this happens when a user clicks a link in an email or opens an attachment. Then the malware runs rampant. Surprisingly, the ransom usually demanded by hackers is low and more victims appear willing to pay up.

Early in February, Hollywood Presbyterian Medical Center was infected with ransomware that shut down their communications. To regain control, the hospital made the decision to pay the hacker. “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” the hospital’s chief executive said. “In the best interest of restoring normal operations, we did this.”

The 434-bed hospital paid 40 bitcoins (about $17,000 at the time) to restore normal communications.

Some have argued that 2016 is the year of ransomware and that in some cases, it’s best to pay up. In fact, the FBI, while not recommending that victims pay ransom, do suggest it as an option when ransomware has infected a company network. In a statement provided to the blog naked security, the FBI says that  “the FBI doesn't make recommendations to companies; instead, the Bureau explains what the options are for businesses that are affected and how it's up to individual companies to decide for themselves the best way to proceed. That is, either revert to back up systems, contact a security professional, or pay.”

My question is why pay ransom at all? For example, if a terrorist kidnaps someone, it’s common knowledge that we wouldn’t negotiate for their return. But, when it comes to data, it’s ok? I’m not sure I buy that. It seems evident to me that paying ransom—whether it’s for the safe return of data or a person—is non-negotiable. It shouldn’t happen.

Orangutans exhibit awareness of the past

Orangutans join humans and bees in a very exclusive club

(Eugene Sim/Shutterstock)
Surprising Science
  • Orangutan mothers wait to sound a danger alarm to avoid tipping off predators to their location
  • It took a couple of researchers crawling around the Sumatran jungle to discover the phenomenon
  • This ability may come from a common ancestor
Keep reading Show less

China’s artificial sun reaches fusion temperature: 100 million degrees

In a breakthrough for nuclear fusion research, scientists at China's Experimental Advanced Superconducting Tokamak (EAST) reactor have produced temperatures necessary for nuclear fusion on Earth.

Credit: EAST Team
Surprising Science
  • The EAST reactor was able to heat hydrogen to temperatures exceeding 100 million degrees Celsius.
  • Nuclear fusion could someday provide the planet with a virtually limitless supply of clean energy.
  • Still, scientists have many other obstacles to pass before fusion technology becomes a viable energy source.
Keep reading Show less

Understand your own mind and goals via bullet journaling

Journaling can help you materialize your ambitions.

  • Organizing your thoughts can help you plan and achieve goals that might otherwise seen unobtainable.
  • The Bullet Journal method, in particular, can reduce clutter in your life by helping you visualize your future.
  • One way to view your journal might be less of a narrative and more of a timeline of decisions.
Keep reading Show less