Your data is being held for ransom. Now what?

Ransomware is an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins.

Some might expect that a majority of people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics.

Sadly, according to a survey Sophos recently conducted, that’s not the case.

Consumers still feel in the dark about how ransomware works and how to guard against it. One of the toughest questions is what to do if your data is in fact hijacked.

Do you pay the crooks or tell them to take a hike?

Typically, security experts advise the latter course because paying the ransom emboldens the bad guys. Others believe there are times where there’s really no choice but to pay.

Respondents admit they’re unprepared

The survey asked 1,250 consumers in five countries about their biggest safety fears, where they sought advice for keeping their computers safe and how much they know about ransomware and other malware.

Respondents said they now worry more about getting robbed online than they do about getting mugged on street corners. But more than 30% admitted their defenses against phishing and ransomware are poor, and that they lack sufficient understanding of how they are targeted and what they can do about it.

It’s not that people are completely clueless about the dangers they face. They simply acknowledged that they’re not as educated and experienced as they’d like to be.

Of those surveyed, 63% said they worry about financial loss as a result of a data breach, with 61% also anxious that their computers could be taken over by hackers who would send spam and malware campaigns to other contacts or innocent users. Less than half – 46% – worry about being physically assaulted or having their car stolen.

More than half of those polled said they give IT advice to family and friends. But 14% of them admitted that they’re unsure about whether they’ve properly backed up the data on someone else’s computer or if they have the ability to recover that data if the computer is ever hacked. Meanwhile, 11% admitted they’re unsure if the computers they look after are truly protected from hackers and viruses.

To pay or not to pay?

One of the big questions for those who become victims: Whether or not to pay the ransom. It’s an issue Naked Security’s Paul Ducklin has focused on. In the article “Ransomware – should you pay?” he framed the issue:

At a typical price point around $300 to $600 (£200 to £400), ransomware can be expensive. On the other hand, think about what might be in those scrambled files: your baby videos; those tax return documents you were supposed to keep for seven years; the dissertation you need to turn in on Friday…how much are those worth?

For better or for worse, most ransomware gangs have acquired a bit of an “honour among thieves” reputation, so that if you do pay over the money, you almost certainly will get your files back. On the other hand, law enforcement and security experts are very likely to say, “These are crooks! This is extortion! If you can possibly take it on the chin, we urge you NOT TO PAY!”

But those are easy words to say if it’s not your data on the line.

We’ve shied away from moralizing about whether it’s always unacceptable to support criminality by paying up, even if you are in a difficult position. But Ducklin did make two suggestions:

1. Don’t pay if you can possibly avoid it, even if it means some personal hassle.
2. Take precautions today (e.g. backup, proactive anti-virus, web and email filtering) so that you avoid getting into a position where you ever need to pay.

How to protect yourself

The trick, of course, is to keep from getting put in this no-win situation in the first place. We regularly offer advice on preventing (and recovering from) attacks by ransomware and other malware.

Here are some links we think you’ll find useful:

• To defend against ransomware in general, see our article How to stay protected against ransomware.
• To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
• To protect against misleading filenames, tell Explorer to show file extensions.
• To learn more about ransomware, listen to our Techknow podcast.
• To protect your friends and family against ransomware, try our free Sophos Home for Windows and Mac.

Techknow podcast — Dealing with Ransomware: