Lately, scripting programs (ransomware) have been increasingly infecting government computers, sometimes even paralyzing city services, as was the case in several American cities. Under these conditions, the FBI has met with city authorities (and extortionists), slightly relaxing its tough stance on paying claims.
In short, the FBI still believes that companies should not yield to hackers’ demands and pay for their data decryption, but now it admits that this option is also acceptable.
“The ransom payment encourages criminals to target other organizations and makes this activity more attractive and profitable for other criminals,” the manual says. – However, the FBI understands that when a business faces a failure to function, managers will assess all options to protect their shareholders, employees and customers.
The general advice for companies when they face extortion is never to pay the ransom. The FBI emphasizes that this encourages abusers. Moreover, studies show that in most cases a company will not even get its data back. However, now the bureau has given up and allowed the possibility that in some cases the company may be better off paying.
First of all, experts say that the idea that payment will stimulate attacks is quite outdated at the moment. After several years of successful attacks, cybercriminals know very well that this way can be earned, even if most victims refuse to pay. The market has already passed the point where the scammers refuse to do their “business” because the victims do not pay – and they stay here.
In some cases, companies are encouraged to at least support the idea of a ransom demand, but only as a last resort – and to do so through a consultant or security professional who is able to verify that the decryption keys work and that all malware is thoroughly cleaned from the computers.
These ideas seem to have reached the FBI. It now says that although it still does not support such payments, it understands that in some cases the victim will prefer to satisfy the hackers. In any case, the FBI wants the victims to report the incident.
Whether you or your organization choose to pay a ransom, the FBI urges you to report extortion cases to law enforcement,” the manual says. – This gives investigators the important information they need to track extortionists, hold them accountable under U.S. law, and prevent future attacks.
In other words, paying ransoms is not recommended, but if you choose to do so, there will be no sanctions from the feds. Often they require a fee for the cancellation of changes that were made to the computer. Such changes may include:
- encrypt data on disk so that the user can no longer access his files;
- blocking access to the device.
Kaspersky Lab’s website explains that extortion programs most often penetrate computers through phishing or by placing them on the website.
After installation, the Trojan either encrypts information on the computer or blocks normal computer operation by displaying a message demanding payment of some amount for decrypting files and restoring the system. In most cases, a message demanding money transfer appears when the user restarts the computer after an infection has occurred.
Ransom messages and how to extort money may vary from region to region. For example, fake reports of unlicensed applications and fake reports of illegal content (a report purportedly from law enforcement agencies about finding child pornography or other illegal content on your computer). Such a message is accompanied by a demand for a fine.
In some cases, you can eliminate the extortion program yourself by using
CryptoMix (offline version)