Skip to content
Naked Security Naked Security

Your data is being held for ransom. Now what?

Do you pay the crooks or tell them to take a hike?

Ransomware is an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins.

Some might expect that a majority of people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics.

Sadly, according to a survey Sophos recently conducted, that’s not the case.

Consumers still feel in the dark about how ransomware works and how to guard against it. One of the toughest questions is what to do if your data is in fact hijacked.

Do you pay the crooks or tell them to take a hike?

Typically, security experts advise the latter course because paying the ransom emboldens the bad guys. Others believe there are times where there’s really no choice but to pay.

Respondents admit they’re unprepared

The survey asked 1,250 consumers in five countries about their biggest safety fears, where they sought advice for keeping their computers safe and how much they know about ransomware and other malware.

Respondents said they now worry more about getting robbed online than they do about getting mugged on street corners. But more than 30% admitted their defenses against phishing and ransomware are poor, and that they lack sufficient understanding of how they are targeted and what they can do about it.

It’s not that people are completely clueless about the dangers they face. They simply acknowledged that they’re not as educated and experienced as they’d like to be.

Of those surveyed, 63% said they worry about financial loss as a result of a data breach, with 61% also anxious that their computers could be taken over by hackers who would send spam and malware campaigns to other contacts or innocent users. Less than half – 46% – worry about being physically assaulted or having their car stolen.

More than half of those polled said they give IT advice to family and friends. But 14% of them admitted that they’re unsure about whether they’ve properly backed up the data on someone else’s computer or if they have the ability to recover that data if the computer is ever hacked. Meanwhile, 11% admitted they’re unsure if the computers they look after are truly protected from hackers and viruses.

To pay or not to pay?

One of the big questions for those who become victims: Whether or not to pay the ransom. It’s an issue Naked Security’s Paul Ducklin has focused on. In the article “Ransomware – should you pay?” he framed the issue:

At a typical price point around $300 to $600 (£200 to £400), ransomware can be expensive. On the other hand, think about what might be in those scrambled files: your baby videos; those tax return documents you were supposed to keep for seven years; the dissertation you need to turn in on Friday…how much are those worth?

For better or for worse, most ransomware gangs have acquired a bit of an “honour among thieves” reputation, so that if you do pay over the money, you almost certainly will get your files back. On the other hand, law enforcement and security experts are very likely to say, “These are crooks! This is extortion! If you can possibly take it on the chin, we urge you NOT TO PAY!”

But those are easy words to say if it’s not your data on the line.

We’ve shied away from moralizing about whether it’s always unacceptable to support criminality by paying up, even if you are in a difficult position. But Ducklin did make two suggestions:

  1. Don’t pay if you can possibly avoid it, even if it means some personal hassle.
  2. Take precautions today (e.g. backup, proactive anti-virus, web and email filtering) so that you avoid getting into a position where you ever need to pay.

How to protect yourself

The trick, of course, is to keep from getting put in this no-win situation in the first place. We regularly offer advice on preventing (and recovering from) attacks by ransomware and other malware.

Here are some links we think you’ll find useful:

Techknow podcast — Dealing with Ransomware:


(Audio player above not working? Listen on Soundcloud or access via iTunes.)


It might be worth noting that Word Viewer is retiring in November 2017 according to


Yes, but Office 2016 tags internet-downloaded files as such and opens them in a view-only, macros-disabled mode.


Is point 5 really that relevant to ransomware? Sure, not logging in as an administrator will (usually) prevent malware from modifying system files and processes and changing restricted settings. That in of itself is a good enough reason in the general sense.

But even when logged in as a limited user, you (and the ransomware) have access to your personal files. Which is probably the important stuff that you’d want to keep and would pay to get back. Things would be a bit different in a company, yes; administrators usually have more access. For a personal user though, logging in as a limited user probably isn’t going to help much with ransomware.


You make a good point. I’ve updated the article with what I think are more useful mitigation resources. Thanks for keeping me honest!


There’s never a good reason to give yourself more power than you need. “Not being admin all the time” ought to be part of your digital lifestyle and if it takes the threat of ransomware to get that across…

…let’s call that a sliver lining :-)


If you segment your machine into admin and limited user and only expose the limited user to internet malware you set the machine up so that the file backups of the limited user are protected if the backups require admin privilege to change or modify. Least Privilege has many benefits……


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!