Ransomware Conundrum: To Pay Or Not To Pay

The onslaught of ransomware attacks continues, and they are getting more sophisticated and harder to decipher, according to Kathleen Richards, editor at Information Security magazine. But on the plus side there has been some effective pushback, she says. This summer a “No More Ransom” portal came online, as a project of the Dutch National Police, Europol, Intel Security and Kaspersky Lab, and it provides good information and free decryption tools. Some experts advise not paying, although sometimes they are met by skeptical corporate victims. (One reported rejoinder to an expert: “You’re crazy.”) A recent survey of companies in the U.S., Canada, Germany and the UK, found 39 percent had been hit with a ransomware attack in the previous 12 months, and more than a third of those had paid. The malware for these scams is typically contracted by clicking emails that have disguised attachments, although the extortionists are now infecting banner ads on legitimate sites, and they are targeting mobile devices. The nature of the spoof continues to evolve, but these days there are three common ones to watch out for and two best practices that will go a long way toward negating the threat.