> Now that crypto ransomware is a threat that won't be going away any time soon, there's been a fair amount of debate about whether victims should pay the ransom as demanded. Recently, an FBI agent reportedly told businesses it may be easier for them to pony up. The comments generated howls of protest among security professionals, who warned there's no guarantee the fees will ensure the encrypted data is restored.
What exactly do security professionals recommend instead? If you've lost business-critical data to a cryptolocker, even a 50% chance of getting it back is worth a lot of money if the alternative is closing up shop and laying everybody off. "You should throw away your livelihood to discourage criminals in general" sounds nice, but it's not actually a reasonable thing to expect someone to do.
Regarding cryptolockers, if you have a backup drive on a SAN ... beware. Crypto ransomware will scan for any attached drives and encrypt those files as well.
To make matters worse, your Dropbox syncing software will automatically cryptolocker your files stored in the cloud.
> congratulates them on becoming a part of the "large community CryptoWall."
There's no need for that, you've already encrypted all of their files and threatened them with exposure, that's just being nasty for no reason.
Edit: After rereading my comment, it's just occurred to me how impossibly naive it sounds. These are not nice people, expecting politeness is a bit much!
I definitely feel for the regular people getting hit with such ransomware, but devs that don't have backups are just asking for it to begin with. Not that it's right or anything, but if you have no backups of your site, it was destined to be lost at some point whether it be ransomware or software/hardware failure. With storage so cheap, it's really inexcusable.
While storage might be cheap, the costs for maintaining the hardware and software setup aren't. I think that's the main reason for missing backups. I myself maintain a backup solution based on a bananapi. Whereas the hardware is cheap, the overall costs (as measured in time) are not.
It managed to use "its" correctly, which is more than the average native English speaker seems capable of doing. Even though there were some obvious mistakes and a few places contained awkward phrasing, on the whole I thought the grammar was quite decent.