We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Ransomware: Should you pay the ransom?

Hendrik Human, Cybersecurity Researcher

To pay or not to pay? The ransomware situation is not improving at all; it is clearly here to stay. The numbers keep rising and are genuinely alarming. In recent years, ransomware has generated a gross annual income of $35 million per ransomware, per campaign. In the third quarter of 2016, 16 new types of ransomware and more than 10 thousand modifications of existing ones were detected, with new techniques making infections harder to prevent.

In this article, we will start by looking at the pros and cons of paying the requested ransom. We will also introduce a series of recommendations that will help us mitigate the incident and prevent the infection from recurring.

Do I have to pay or not?

But back to the question we all ask when we are infected: do I have to pay or not? Last week, an acquaintance of mine called me because he had been a victim of a ransomware attack, and his first question was precisely that. My first response (in jest) is always the same: stay calm and pay the ransom.

Beyond that, in many places the recommendation is never to pay. We will leave the door open for each reader to make their own decision.

Here are some considerations to take into account to make the decision:

  • Can I recover the information from a backup?
  • Is there a known solution to decrypt infected files already?
  • Are they threatening to make the stolen information public?
  • How important is the information I have lost?

Why pay?

If the decision is to pay the ransom, there are certain measures to take into account before doing so.

First, make sure the criminals can actually decrypt your files. Often they have bought the ransomware on the black market and do not even hold the keys to decrypt the files. So confirm they can do it before you pay: you can usually send them one file and have it returned decrypted as proof.

Another consideration is that obtaining bitcoins quickly is not simple, and in most cases the window for contacting the holder of the keys to recover your files expires after a few days. In addition, bitcoins will not be available at the published reference price. That is why many companies are starting to buy bitcoins in advance, in preparation for a possible attack, so that if they do have to pay, they already have them.

Last year at a security conference, a special agent in charge of the FBI's cyber-counterintelligence program at the Boston office said, "Being honest, we sometimes advise people to simply pay the ransom."

His statement was made with the best of intentions, given that there are often no alternatives if we wish to retain even the slightest hope of retrieving the files.

Why not pay?

There are many reasons not to pay.

If you do, criminals will know that you are the kind of person willing to pay money to regain access to your data. They will also know that the type of industry you are engaged in is likely to be willing to do the same. You mark yourself as a target for the next attack.

Another reason not to make the payment is that we have seen many companies that, after paying, are not willing to change their work habits or run campaigns to prevent the incident from happening again. For this reason, one should be committed to changing behavior and preventing a repeat, because otherwise they will soon end up victims of another attack.

One more reason not to pay is that we cannot be sure we will get our information back once we have paid, since the attackers may not have the keys to decrypt it. Also, there is nothing to stop attackers from demanding more money.

Are you willing to finance this new market?

You should know that if you pay the ransom, you are helping to create a new market for cybercriminals, which can lead to more ransomware and other types of attacks. There is also the ethical problem of funding illicit or criminal activity, in addition to growing this illegal business and producing ever stronger cybercriminals.

Likewise, we should take into account that, according to unofficial data, criminals return the data in 90% of cases once payment has been made. They do this to keep the business model alive: if they did not, people would stop paying and their income would fall.

Some extra tips

It is very useful to have a procedure or decision in advance on how to deal with ransomware. Then, when we are victims of an attack, we will know what actions to take and will not be caught by surprise.

Whether you pay or not, it is always important to report the incident to sites like ODILA or No more ransom! These will guide you to the right pages to officially report the crime and so commit to the fight against cybercriminals.

The best decision

The best decision is not to have to choose whether to pay or not. That may sound tricky, but what I am trying to say is that prevention is the best path to take. Prevent a ransomware infection and you will not have to face the difficult decision of paying a ransom.

And to prevent ransomware you have to build layered security. Each layer of your security plan must be able to defend your organization against one or more attack vectors, and there is no magic layer and no silver bullet; security is not an isolated solution. And remember: the people in your organization are the first target of cybercriminals. So include them in your security strategy as well, because they are the entry point for most ransomware.

You can take a look at Smartfense here.


About the Author

Hendrik is a writer at vpnMentor, specializing in VPN comparisons and user guides. With 5+ years of experience as a tech and cybersecurity writer, plus a background in corporate IT, he brings a variety of perspectives to test VPN services and analyze how they address the needs of different users.
