
FBI's Advice on Ransomware? Just Pay The Ransom!

StrongAsFe

I agree with the FBI here. If you don't have backups and you get infected to this degree you either pay them or leave the files behind. Good luck breaking the types of encryptions they use in a reasonable amount of time and no one government wise is going to help you with that.

 

If you have backups this won't be an issue.

Paying the attacker won't solve anything.

Expect losing money.

Every single person I know who got themselves into these situations was human error.

 

 

 


The amount of not understanding here is mind boggling. They are not saying that this is a prevention strategy, they are saying that this is the only course of action to take AFTER it has already happened. No one said to not make backups, no one said to not use safe computing practices, no one said not to use firewalls and antiviruses. All they said was that they can't help you decrypt your information once you have been hacked, so if you want it back you have to deal with the people who encrypted it.

 

Well said. 


Paying the attacker won't solve anything.

Expect losing money.

Every single person I know who got themselves into these situations was human error.

Paying fixes the immediate problem of lost files, of course it can happen again since people are idiots, but paying them is the only way if you don't have backups.


Paying fixes the immediate problem of lost files, of course it can happen again since people are idiots, but paying them is the only way if you don't have backups.

What if you pay them, and they don't unlock?

 

 

 


What if you pay them, and they don't unlock?

Then you're SOL? What else do you want me to say? Would you rather lose thousands of important documents and pay a couple hundred dollars for the chance to get them back and learn your mistake or start all over?

 

This just recently happened to a family member's friend, they paid $400 and they did unlock the files. Now they learned the hard way to have backups.


Then you're SOL? What else do you want me to say? Would you rather lose thousands of important documents and pay a couple hundred dollars for the chance to get them back and learn your mistake or start all over?

 

This just recently happened to a family member's friend, they paid $400 and they did unlock the files. Now they learned the hard way to have backups.

I'd rather just not get into the situation. BUT, as people are complaining, that's not the point of the article.

Just curious, did they try to have the money traced?

 

 

 


I like the righteous indignation in here on paying them.  Ransomware makes its money going after the little folks who have a little local server and just enough revenue they can pay but not enough they can afford a full time IT department.  Normally at most they have a part time guy on contract.

 

A full time IT guy of decent standing is probably 30 to 50 thousand per year depending on what part of America you're in, plus benefits.  Ransomware wants 500 to 5000 bucks typically.  The business logic is pretty clear for many small businesses.  Save on the IT guy for years, make a one-time payment of at most 10 grand to get your data back, and then pay someone 150k to redo your office network.  Assuming you only get hit by ransomware once every 5 years, hey it's not that bad.  It's quite disturbing logic from an IT professional standpoint, but honestly for many companies that aren't tech centric, it's probably not as stupid as it sounds.  

 

Frankly even with our disconnected backups if we somehow got hit, we might pay simply because you can only wipe and cycle them back in to service so cycle.  If the local file server goes down we'd be looking at:

 

  1. Assume everything in the office is compromised and wipe all machines.  Possibly replacing all drives in the process due to fear of the virus having carved out a little hidden partition that can survive reformats (which is a thing).  That's a couple days even with techs, programmers, and everyone else with basic technical competency working on it.
  2. Send a tech to our offsite and disconnected backup location to copy the data we need right away off the tapes and onto spinning disk.  
  3. Also undergo efforts to ensure credit card info, social security numbers, etc were all properly encrypted and couldn't have been compromised.  

Point 3 is probably a big reason we'd pay.  If they had our file server locked down, we'd pay to decrypt it just to see what exactly the hackers managed to get, then unplug it from everything and have a security expert scan it for anything we need to let our customers know about.  Plus with points 1 and 2, for some of the rush jobs we'd probably have to print things off and manually reenter them into clean systems, because moving 400 TB of data from tape drives in Utah to the office in California is going to take some time.  Even just sending out a tech with a bunch of external disks in his trunk is a two day turnaround.  


I'd rather just not get into the situation. BUT, as people are complaining, that's not the point of the article.

Just curious, did they try to have the money traced?

Yeah totally agree, it's not that hard to have backups!

 

I believe they did, they live in a different state so I couldn't assist in any way really and we aren't that close to them so we haven't kept up to date with the situation.


That is stupid, most hackers won't decrypt it even if you paid.


 

Most hackers won't decrypt it even if you pay the ransom.


Even if you have multiple backups. What if the backups also got hit by the ransomware?


The amount of people saying that the FBI's recommendation to pay the ransom is ridiculous... is kind of ridiculous. Depending on the severity of the infection, most businesses can't run without their IT for any significant amount of time. There are plenty of case studies showing that businesses who lose access to their IT end up in receivership depending on what is lost. 

 

Imagine Microsoft losing all their payroll information and having their development servers encrypted. You can't afford to have the FBI investigate it for 3 months when you have overheads that will keep costing you regardless of what your staff are doing. Just pay the $1,000,000 ransom and move on. 

Exactly this - some businesses for whatever reason have not invested in a backup solution so have no other choice besides paying.


Honestly I'd rather have their admitted incompetence vs "Oh well see we have this bill that will let us make all encryption illegal and would let us put backdoors on everything if you only support this bill we could recover your data in the future you know...."

 

Which you know is what they want by letting a story like this leak, they want people to call for a ban on all encryption and such.


In a situation where backups are not available or are also affected (it actually happens, and PLENTY of companies have not invested in a proper backup process/disaster recovery) the data on there is worth paying for, by far. 


Seriously people, you're angry at the FBI for being unable to crack the encryption standards enterprises use to protect their data without days of brute force calculation? Really? This is an inevitability of good encryption. An ounce of prevention (disconnected backups, not visiting sketchy sites, using ad block, etc..) is worth a pound of cure (pay up or break it by force). Opal and AES 256 really are that good. Get over it.

Software Engineer for Suncorp (Australia), Computer Tech Enthusiast, Miami University Graduate, Nerd


That's why you have read-only backups lol

Corrupt the firmware and read only isn't read only.


Corrupt the firmware and read only isn't read only.

then you keep your storage connected to firmware devices with true ROM chips for the microcode. Or as many have said you have disconnected backup lol


So stupid to advise this.

So your kid gets kidnapped don't pay the ransom - but if they hack your shit do pay the ransom.

Who is responsible for this kind of thinking? The jack ass that spouted that should be hung.  :mellow:


Eat a dick, FBI.

You're the fucks that are supposed to be taking these people down but you're just encouraging them.

The FBI is working to catch them. If you get hit and have no backups, you still have no choice. Trace the payment and work quickly. It's a brilliant criminal strategy really. The reality is cops and robbers are always vying for being ahead. This year it's the robbers. That's how the cookie crumbles.


then you keep your storage connected to firmware devices with true ROM chips for the microcode. Or as many have said you have disconnected backup lol

Disconnected backup makes your entire point moot. And even ROM chips can be rewritten if you know how.


So stupid to advise this.

So your kid gets kidnapped don't pay the ransom - but if they hack your shit do pay the ransom.

Who is responsible for this kind of thinking? The jack ass that spouted that should be hung. :mellow:

Humans smuggling humans are easy to track, especially on a phone call. Hacker over a secure VPN in the TOR network, not so much. Kidnappers have the leverage of 1 human, and the ransom value decreases for every step of damage taken by the hostage. For encrypted data, it's a different ballgame. I'm sorry but the FBI is completely right on this one.


Disconnected backup makes your entire point moot. And even ROM chips can be rewritten if you know how.

Not if you use the industrial chips that you manually flash with light.  IDK if anyone even uses them anymore though.


In short mind sense, this is bad, but in actuality I think it's a good strategy, this is their playground & the game can be cached & traced back..

Details separate people.


SNIP

 

 

because like my mum could understand what any of that is
