Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline). In both scenarios, hackers are looking for the victim to pay up, or else. Should they?
The answer should be obvious: absolutely not. However, when a person’s valuable data becomes encrypted or they receive a legitimate threat to take down their servers, emotions often get in the way and they’ll end up “paying the piper.” Hackers know this, which is why their ransom methods employ fear tactics.
For example, ransomware like CryptoLocker will lock the user out of their computer while the screen displays a clock counting down to when their data will be deleted. And with DDoS attacks, a hacker may contact the victim mid-attack and promise to cease the attack for a fee. Both of these situations play straight into a person’s irrational fear, causing them to cough up cash.
Before reaching for your credit card to pay a hacker’s demands, stop, take a deep breath, and think objectively about the situation. What guarantee do you have that these hackers will actually make good on their promise to turn over your data or cease the attack? This guarantee is only as good as a hacker’s word, which is pretty worthless seeing that, you know, they’re criminals. Therefore, whatever you do, DON’T GIVE MONEY TO A HACKER!
By paying hackers money, you’ll only add fuel to the fire and help fund the spread of their devious acts. Plus, there are several reported cases where a victim pays the ransom, only to still have their data deleted or the attacks on their site continue. What’s it to them if they go ahead and follow through with the attack? They have your money, so who cares? It’s a classic case of adding insult to injury.
Need proof? There’s a recent example of this happening to ProtonMail, a Switzerland-based email encryption service. On November 3rd, ProtonMail was threatened with a DDoS attack by the hacking group Armada Collective. Like many companies would do, they ignored the threat, deeming it to not be credible. Soon afterward, their servers became overloaded to the point where they had to cease operations.
As reported by ZDNet:
The encryption service says the assault reached 100Gbps and not only attacked the ProtonMail datacenter but routers in Zurich, Frankfurt and other locations linked to the ISP -- eventually bringing down the datacenter and ISP. This not only took down ProtonMail, but other companies were affected, too.
To get the attackers to stop, ProtonMail paid the hackers a $6,000 ransom. The hackers happily took their money and kept up the attack. In addition to losing a cool $6k, the company was out a vast sum for all the downtime they experienced.
How much would it cost your company if you lost revenue for a full day of work, and you still had to make payroll? For a medium-to-large sized company, losing a full day’s work would likely come to much more than a few thousand dollars. In fact, hackers understand how downtime can be so costly, which is why they feel justified asking for such an exorbitant fee.
What are you supposed to do if you are asked to pay a ransom by a hacker? The first thing you’ll want to do is contact the IT professionals at XFER. We’re able to assess the attack to determine how bad it is, and restore your data to a backed-up version that’s not infected with malware. When facing a hack attack, we can present you with all the options you can take, none of which will include paying a hacker money.
Call us today at 734-927-6666 / 800-GET-XFER to learn more, and don’t let the hackers have the upper hand.