You should not pay for a ransomware ransom
The main target of hackers when they perform a ransomware attack is to ask for a ransom in return and profit. Traditionally blackmail consisted of having the files encrypted. Imagine a company that suddenly finds all its computers locked up and paralyzed. However, with the passage of time, ransomware has also advanced and can blackmail by making public certain information about a company or user.
To prevent this from happening, cybercriminals ask for a fee to be paid economic amount. But why shouldn’t we pay? There are different reasons, as we will see below.
Nothing guarantees that we will recover the files
The first and most basic thing is that nothing guarantees that we will actually recover the locked files once we have paid. Nor that our data does not end up exposed on the Internet, if that was the threat of hackers.
We may pay the agreed amount and everything remains the same. Cybercriminals simply collect the profits and lay the victim down. It may even happen that later they request more money again, that they only release partial data, that allow access to the files but then threaten to publish them and ask for more money, etc.
May be illegal
But we could also enter legal issues. In certain circumstances it is illegal to pay such a ransom and even not inform the authorities that we have been the victim of a ransomware attack. In the United States, for example, it is a crime.
Therefore, beyond suffering the consequences of being victims of an attack of this type in which we lose files and access to the system, we can incur a legal problem and be even more compromised.
Paying allows cybercriminals to continue their attacks
If we were to pay for a ransomware ransom we would be financing the attackers. They would be achieving their objective, they would see that they can continue to infect users and thus obtain more and more economic benefit. We could even be damaging a certain sector, for example if our company has been attacked and we pay, since cybercriminals would see that these types of companies pay.
That is why, even if it is not our intention, by paying we would be contributing to this problem not ending, but increasing with each payment made by the victims. Keep in mind that a ransomware attack takes little time to execute.
Learning is lost
Another very important issue that sometimes goes unnoticed is that we are going to lose learning. Consider a company that is a victim of ransomware and pays to get files back. They see that simply with that (in case they are lucky) they solve it and do not take into account the learning of the employees or taking security measures.
This, in the long run, is bad for everyone. We enter a circle where ransomware ransoms are paid for and less effort is put into creating a true defense and avoiding the risk of being attacked again.
Ultimately, paying for a ransomware ransom is not a good idea. It can even be harmful to the victim and in order to stop one of the most dangerous types of cyber attacks that exist on the Internet today. It is always important to recognize DDoS attacks, fake emails or any type of threat that compromises us.