Ransomware: To pay or not to pay

Discussion in 'malware problems & news' started by ronjor, Sep 30, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Read a recent article that the ~ Snipped as per TOS ~ are now targeting small businesses primarily. Appears most will just pay the ransom given it's not exorbitant rather than dealing with the hassle of removing the malware and restoring their files. Also most don't want to take a hit business-wise during the removal/restore process.

    Appears they never heard of the concept of doing system backups.o_O
     
    Last edited by a moderator: Sep 30, 2015
  3. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    That's true, but keep in mind that a lot of businesses have had backups in place - but found that even their backups were encrypted.

    They've had to learn the hard way to practice defensive computing by having backups offline.
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    This is a difficult question.

    The business will have to put everything into scale if they didn't encrypt their work and were compromised by a ransomware. Usually the ransom is around the value of one bitcoin, right? At the moment, that amounts to $237.54 USD (if I'm not wrong). Even small business can have work saved on the computer that would amount to more than that. Not only so, but sometimes business (be them small or big) have important files that relate to long-term customers (such as newspapers or tabloids) and such files cannot be replaced because they only existed on the kidnapped machine.

    With all this in mind, if the rescue value is lower than what the files are worth, I'd pay the ransom. If not, I'd just start over.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    What is needed is a way to help small businesses from becoming victims in the first place by showing them how to set up their computing systems so that unauthorized executable files cannot run.

    Some References:

    http://www.enigmasoftware.com/cryptowallransomware-removal/
    https://heatsoftware.com/security-blog/10324/how-do-you-protect-your-systems-from-ransomware/
    ----
    rich
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Prevention, prevention, etc. Even some of the basic programs discussed here would block the ransomware. That would be cheaper.
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Problem is, most business owners are not aware of any kind of protection. A good percentage of them still use Windows XP with no antivirus :thumb: Education for prevention is a good thing; too bad most victims will learn the lesson in the worst possible way.
     
  8. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    883
    Location:
    Triassic
    Are these guys small time extortionists who are hitting small business? That is, not big organised crime. It seems to me that if the ransom is one bitcoin it has to be an opportunist. I know some small business people who look at their business as being way too small to be targeted. Their inventory/assets have real value but they have modest earnings. The ones I know have limited computer skills and have this idea that they need to bring in some high priced consultant or super geek to protect their business from attack so they prefer to do no more than the average user does. A daily backup of their data on external media takes minimum effort and expense but it is mind boggling how many do not do this. As they say, you can lead a horse to water, but you can not make it drink.
     
    Last edited: Sep 30, 2015
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Interesting! Would you point to a source for this statistic?

    thanks,

    ----
    rich
     
  10. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Unfortunately I don't have a source for this specific number, it is based on my own experience :p So it's not reputable.... at all ;)
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Wonder how many victims get hit twice or more?
     
Loading...