Is it really worth it to pay a ransomware demand? The FBI has issued a statement recommending that victims not pay the ransom and back up their files instead. For some organizations, such as hospitals, the decision to pay the ransom is a life-or-death decision. For others, refusing to pay cybercriminals to unlock the encrypted data could result in millions of dollars in losses, or worse. At the Cyber Security Summit in Boston last October, the FBI’s assistant special agent in charge of the Cyber Counterintelligence Program, Joseph Bonavolonta, suggested that in a majority of cases, companies that fall victim to ransomware attacks cannot recover their files, and recommended that they pay the ransom to regain access to their data.
The statement spread quickly, with the sentiment that the FBI was indirectly encouraging cyber-crime by suggesting that the best way to deal with hackers and internet criminals may be to submit to them. Senator Ron Wyden, D-OR, then submitted a statement to the FBI to show that Congress disapproved of Bonavolonta’s decision and that neither Congress nor the FBI endorsed cyber-crime. This series of events has caused the FBI to change its official position on ransomware, and the Bureau now suggests always maintaining backup files on an external server, which would largely eliminate the danger of ransomware. Then, should all else fail, the FBI advises paying up.