It’s something no one wants to see happen to their device: A blank screen and a message like “Your files have been encrypted.” Sometimes, these messages purport to come from some seemingly trustworthy source, like the government or a cybersecurity firm. Other times, cybercriminals make it abundantly clear that you are the victim of a ransomware attack.
Thousands upon thousands of ransomware attacks occur every day, and many if not most of these attacks target home networks, which tend to be embarrassingly insecure and vulnerable to attack. Attackers tend to demand a steep but not unreasonable sum — maybe a thousand dollars or more — for the decryption key and safe return of stolen data, and most home users are sorely tempted to take that seemingly easy option to end their suffering under the attack. However, you shouldn’t pay the ransom, and here’s why.
You Probably Won’t Get Your Files Back
There might be honor among thieves, but there is little honor between a thief and a victim. Just because the ransomware says that paying the ransom will return your files doesn’t mean that cybercriminals will put in any work to make it so. More advanced ransomware might perform the decryption, but few cybercriminals bother with this step. More likely, they will give you back control of your computer, but they won’t bother with decryption, unhiding or otherwise setting your device back to what it was before. Thus, if you pay the ransom, you’ll be out that money as well as all the time and energy you will expend trying to locate and fix all your data.
You Definitely Won’t Get Your Money Back
Typically, when you pay someone for a service and fail to obtain that service, you can file a complaint and get your money back. However, if you pay the ransom and the thief doesn’t return your files, there is no refund available. First, many ransoms are paid in cryptocurrency, which is an opaque system that you probably don’t understand well. Second, you don’t know your cyber attacker, so you cannot sue them as you might a more legitimate business; rather, if the attacker is identified and found (which is a big if), they are more likely to go to jail for criminal activity than they are to pay you back, and the government isn’t responsible for crime-related losses. Because ransoms can be rather extreme sums, even tens of thousands of dollars, it is best to skip the risk and not pay.
You’ll Be More Vulnerable to Future Attacks
If you pay the ransom, you might regain your files — but you can almost guarantee that the malware hasn’t left your device. Once malware has made its way onto your device and deployed its attack, there is no saying what other damage it has done, is doing or will do in the future. Most malware these days does multiple things to capitalize on its successful infection; it might launch a ransomware attack, but it probably also installs spyware and adware, cryptojacking software, a botnet service and a suite of other malicious tools that allow hackers free access to your device and data. In truth, you need to use a ransomware removal service to truly rid your device of all the nefarious programs it is suffering from. Otherwise, you are likely to fall victim to another type of attack in the near future.
You Are Enabling Cybercrime in General
Every single time a cybercriminal succeeds in gaining money from their malicious deeds, they reaffirm their commitment to this career path. Well-funded cybercriminals are supported in their efforts to develop more malware and other types of cyberattack, making the digital world a more dangerous place. Crime shouldn’t pay, but it does, especially if you are directly depositing your hard-earned dollars into the bank accounts of criminals. If everyone stopped paying the ransoms associated with ransomware, attackers would be wasting their time and energy, and they might be compelled to seek more legitimate types of work.
You can’t trust criminals. There is no guarantee that paying a ransom will solve your current problem — in fact, there is plenty of evidence that paying ransomware creators will only exacerbate your plight and make the internet a worse place for everyone. Starting now, you should begin developing a ransomware response plan, which should include a malware scanning tool, ransomware removal services, automatic backups and more. It might seem like work, but it will weaken your temptation to pay the ransom if (when) you contract ransomware.