NEWS

Pay the malware ransom! Says FBI!

Last week, FBI Assistant Special Agent Joseph Bonavolonta – who is head of the FBI’s CYBER and Counterintelligence Program in Boston – made some startling comments regarding what people (and corporations) should do if they become infected with ransomware. 

Ransomware is the common name given to a type of malware that cybercriminals use to remotely take control of computers, smartphones, or tablets in order to get a ransom fee. Hackers achieve this by locking up a victim’s device with encryption until a ransom has been settled. Shockingly, at a conference last week, FBI Agent Bonavolonta suggested that if you suffer the misfortune of being held to ransom with certain (sophisticated) versions of this malware the best course of action may well be to pay the ransom. ‘The ransomware is that good,’ he said.

These startling comments were delivered during last week’s Cyber Security Summit in Boston, where Mr. Bonavolonta addressed a room filled with an assortment of top technology and business experts. During his presentation, the FBI agent explained that unfortunately some of the malware currently in circulation is too well designed for the FBI to be able to actually do anything if you are hit. Despite this, he does recommend that if US citizens or firms become infected they should inform the bureau at once – so that they may continue to monitor the hackers progress.

According to Banavolonta, when the bureau is informed about ransom-hacks involving sophisticated software such as Cryptolocker, Cryptowall or Reveton (all of which lock user data behind a  veil of encryption) the cryptography in the software is far too strong for the bureau to be able to crack it. ‘To be honest, we often advise people just to pay the ransom,’ he said.

Nothing you can do

If this is the first time that you are hearing about ransomware, then you may want to be aware that this is nothing new. In reality, hackers have been holding computers ransom for around a decade (although it is true that in the last three years it has become much more prevalent). That is because any hacker that knows how to get the ransomware onto somebody’s computer knows that the economic rewards can be great – and the ease with which it can be spread – often means that hackers stand to make vast sums of money by utilising it.

’The amount of money made by these criminals is enormous, and that’s because the overwhelming majority of institutions just pay the ransom,’ said Bonovalonta at the cybersecurity conference.

The software in question is usually forced onto a computer, or device, via an infected email, download or malicious website. Once there, the malware does not always just lock up the primary target; annoyingly it can also lock up all the other directories that are accessible from the device. This means that for a victim who is in urgent need of regaining control of their system, often there is no option but to pay up the ransom money.

It’s going to cost you

Bonovalonta is not joking when he says ‘enormous’ sums of money either. It is believed that between April 2014 to June 2015 a ransomware called Cryptowall accumulated hackers an irresistible $18 million. Individuals that are affected by the malware are often asked for around $200, whereas businesses can be held to the tune of $10,000, or even more.

Thankfully there is some good news. Firstly, according to Bonavolonta the large amount of people that have been affected by ransomware may actually be keeping the ransom low. Hackers working under the assumption that individuals are more likely to simply pay up if the sum is affordable. Small mercies. The other good news is that the ransom-hackers are more often than not an honest breed of villains – who according to the FBI agent – are pleasant enough (once paid in full) to return access to a compromised device: “You do get your access back,” he commented.

Only solution

So, if you happen to become infected with malware that asks you for a ransom – don’t expect any help! Simply follow the FBI’s friendly advice, and pay the kind cyber criminal at once! You’ve been told!

(For a more useful course of action, here is an excellent article on how you can protect yourself from possible ransomware infections, and what your options are if you are infected.)


Ray Walsh I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR and I am an advocate for freedom of speech, equality and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood and love to listen to trap music.

Related Coverage

More

4 responses to “Pay the malware ransom! Says FBI!

  1. Assistant Special Agent Joseph Bonavolonta obviously is uneducated on this issue ,,,, there is ALWAYS a way to avoid paying ransom.

    Perhaps he ought to cruise some Porn sites to get educated ,,,, rife with ransomware!

    Good luck!

  2. This is the worst advice ever. Think about it, they hit you once and you pay, now your a sucker. They will hit you again. I was hit 3 times with this shit. Using Windows 10 and always create a restore point, and automatically back up once a week. Then all you have to do is go into administration delete browser history and restore a previous setting. pretty simple really.

  3. One way I’ve found not to get infected in the first place is to use CryptoPrevent (. It’s free, and has been featured on Brian Krebs’ blog, CNBC and a host of other reputable sites. Plus with CryptoPrevent, there’s nothing to run. Just open the program and update the definitions once in awhile, and CP modifies registry keys and settings to prevent ransomware from infecting your computer.

    And it’s really easy to use.

    CP is probably not a panacea, but it’s definitely better than just running an antivirus program.

Leave a Reply

Your email address will not be published. Required fields are marked *