Ransomware Kidnapped Your Files – Should You Pay The Ransom?

CryptoLocker and CryptoWall are largely defunct now, but there are new strains of encryption malware at large on the Internet.  If you fall victim to any of the new ransomware exploits such as Teslacrypt or Ophionlocker, there is bad news, and there is OK news, and there may be good news.

The bad news is that once the encryption malware has finished encrypting all of your personal files in the Documents, Pictures, Music, and Video folders and other stuff in your User Profile, the files, while still there, are completely useless to you without the decryption key.

The OK news is that if you pay the ransom, the cyber-criminals running this scam will actually send you the key plus instructions on how to recover your files. They even provide technical support should the instructions prove to be above your level of user experience. You know the world has gone mad when you get better tech support from the bad guys than you can get from your Internet Service Provider. The difficulty with paying the ransom is that you will need to pay in Bitcoin, which means setting up a Bitcoin wallet online, converting some of your dollars into Bitcoin, and then transferring the fee to the account of the perpetrator. Most cybersecurity professionals will advise against paying this fee, which can vary from $200 to $1000 and sometimes even more. If these are the only copies of your files, you may not have another option if you want to have all your family and vacation pictures back, and your work product.

The good news happens when you have been backing up your files on a regular basis, or automatically via software or a web service, and can recover your important files from a backup copy. You can protect yourself from this exploit very easily and at a very reasonable cost by simply subscribing to an online backup service. Our recommendation is Carbonite, which starts at $60 per year for unlimited backup storage. For a bit more you can create a bare metal system image that would allow you to restore your computer including the operating system and all applications, as well as your personal files.

In any event, if you are infected with this exploit, once your data is recovered, you really should wipe the drive and restore the operating system, applications and files from scratch. I know this is a colossal pain in the back, and takes more time (and money, if you hire a professional), but it is the only way you can be sure that the original infection, and anything else that the perpetrators may have installed, is gone.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com