
What is a cyber ransom? 

When cyber criminals deploy ransomware to lock or encrypt an organization’s computers and/or devices, they demand a ransom payment, otherwise known as a cyber ransom. Typically, a cyber ransom must be paid within a specific timeframe. Otherwise, files are permanently deleted.

Should organizations pay cyber ransoms? 

For most organizations, this decision comes down to a loss/benefit calculation. The scale of disruption from a cyber attack can make payment of a cyber ransom an appealing option. For example, a hospital that suffers a ransomware attack may find that the fastest way to proceed with appointments, surgeries, and medication dispensation is to pay the ransom.[1] That being said, the US FBI does not condone the practice of paying cyber ransoms. This is because paying a cyber ransom does not guarantee that files will be restored. It also emboldens cyber criminals to conduct future attacks.[2]

Both at national and local levels, legislators are seeking to ban ransomware payments. After all, encrypting data is illegal, so why isn’t paying criminals illegal? To stay current when it comes to ransomware payment laws, be sure to regularly visit CyberTalk.org.

Why do cyber criminals request cyber ransom payments in Bitcoin?

In the early days of ransomware attacks, cyber criminals requested that payments be sent through the regular mail. However, this tactic often proved problematic for cyber criminals, as the police could monitor a given postal box and arrest the person picking up the mail.

Online payment systems like Western Union or PayPal must be connected to authentic bank accounts, again enabling authorities to easily catch criminals. In contrast, the digital currency known as Bitcoin is largely untraceable. For cyber criminals, this is ideal, as they do not wish for security services to identify them. To further obscure payment recipients, attack perpetrators may route Bitcoin payments through ‘mixing services,’ which operate like money laundering services for online payments.[3]

How can organizations circumvent requests for cyber ransom payments? 

  • Organizations can back up important files either on the cloud or via third-party storage enterprises. Ensure that backup files are not stored on or connected to your network.
  • Test your backup system ahead of an authentic ransomware attack to be sure that it’s fast and reliable.
  • Europol suggests that organizations and individuals consider using nomoreransom.org to decrypt devices. This website offers more than 25 different tools that can decrypt over 100 different types of ransomware.[4]
  • Contact your insurance group. They may be able to suggest strategies that can help.


[1] ZDNet, “Ransomware attacks: Why and When it Makes Sense to Pay the Ransom”, Larry Dignan, 27 June 2019

[2] FBI, “Scams and Safety”, 2020

[3] Dark Reading, “How Bitcoin Helped Fuel an Explosion in Ransomware Attacks”, Danny Palmer, 22 August 2016

[4] Europol, “No More Ransom: How 4 Million Victims Of Ransomware Have Fought Back Against Hackers”, 27 July 2020