Dear Reader,
It seems like more and more frequently these days, there are reports of new cyberattacks targeting large corporations. Last month, we witnessed another massive cyberattack hit Europe, targeting banks, shipping companies and multinational agencies, some with offices in the U.S., like the pharmaceutical giant Merck.
When trying to access their computer or bank account, victims saw the following message:
“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our encryption service.”
This attack was similar to the WannaCry ransomware attack that ripped through Microsoft operating systems in May. But in this case, the hackers planted the virus in MeDoc, a popular piece of Ukrainian accounting software. When MeDoc users updated their software to the latest version, they unknowingly downloaded the ransomware.
Because of the cryptoworm’s origin, businesses and government agencies in Ukraine were hit especially hard. According to CNN, “Officials at Ukraine’s postal service and metro system in Kiev also reported hacking problems.”
Not only that, but computers at the Cabinet of Ministers, the Chernobyl nuclear power plant and ATMs across Ukraine were all affected. The hackers demanded a ransom of $300 in Bitcoin to unlock each machine.
This particular virus was dubbed “ExPetr” because researchers determined it was similar to another ransomware hack called “Petya” that was traced to a group of Russian criminals.
The Devil to Pay
Now, I realize many of you depend on your computers for work, and without access to your files you could be losing out on income. Paying $300 in Bitcoin to have your files restored may seem worth it, but here are four reasons you should NEVER pay a ransom to recover your data:
It might be fake ransomware. Even if you receive an alarming message on your computer like the one above, it actually might be a hoax. According to the company Citrix, in a study of 200 companies that had been the targets of fake ransomware, 63% of the companies ended up paying the ransom even though it was a hoax. Just because you receive an electronic ransom note doesn’t mean your files have been affected.
Criminals are greedy. Let’s say you receive a message that if you pay $300, all your computer files will be restored, and you panic and send the payment right away. Criminals will take this as a sign they can extort more money from you, and they will often ask for more. They may even continue asking for more money each time you make a payment to see how much they can get out of you without restoring your files. Don’t negotiate with terrorists.
They are called criminals for a reason. With the ExPetr cyberattack, the email address that sends you the decryption key is no longer active. Even if you pay the ransom, the hackers can’t send you the decryption code like they claim they will.
Listen to the FBI. According to the Federal Bureau of Investigation, you should never pay a ransom for access to your computer because it emboldens criminals to continue executing these types of crimes. If no one ever pays the ransom, the whole scheme would be a waste of time and cybercriminals would likely move on to another scam.
So what should you do if you receive a ransomware message?
First, disconnect your computer from the network you are on to reduce the chance of infecting other computers. Second, shut down your computer and contact an IT professional who can tell you the best way to save your data from being completely erased.
And of course, as a precautionary measure, make sure you regularly back up all of your files so that if your computer does get hijacked, it’s not that big of a deal.
Stay safe,
Jason Hanson
Editor, Spy & Survival Briefing