To pay or not to pay? ESET's guide to navigating ransomware

Teddy Njoroge, the country manager for ESET East Africa. /COURTESY

In the world of cyber security, malware – software that alters normal computer functions – comes in different forms.

A number of these malicious programs are a nuisance that does not go beyond being an inconvenience.

An uptick in ransomware, however, is a trend that should worry professionals and individuals who deal in sensitive information to which access is vital for everyday function.

Ransomware is software that encrypts the data in an infected system, converting it into a code that can only be unlocked with a corresponding code.

An affected individual or organisation is usually forced to part with money for the unlock code, or decryption code, hence the name, which is coined from the word ransom.

Failure to pay often means access to the encrypted files is denied. In some instances, the encrypted data will be deleted or parts of the locked system altered.

Companies have run into losses in the millions on account of ransomware, raising the question of whether they should apportion funds to settling ransoms for their data.

"Often, organisations realise they are under attack after the fact. At which point their data or documents have already been encrypted and an expensive demand note in untraceable Bitcoins, attached as a permanent screen saver on their computers," Teddy Njoroge, Country Manager, ESET East Africa, said.

Ransomware is deployed through Trojans – seemingly legitimate downloaded files – or through exploit kits, which appear in the form of pop-ups on web browsers.

The most common of these pop-ups claim that a user has won a holiday destination or winnings from online gambling forums. Most security-conscious individuals and organisations can identify the malicious intentions of such pop-ups.

Others are not so lucky and fall for the ruse.

Ransomware is a lucrative industry for hackers, some of whom do provide the unlock codes once the sought funds are paid.

The malware is additionally ubiquitous because developers sell it to crime syndicates for a percentage of the proceeds from the ransom.

The challenge of navigating ransomware is the lack of a guarantee that decryption will work. Attackers may pile pressure on their victims to pay up, only to fail to provide the decryption code.

Worse still, even after paying, a victim’s data may still be deleted, resulting in a loss of both funds and content.

"The best approach is for all to refuse to be bullied into making payments, no matter the demands," Njoroge explains.

He went on: "Understandably, it is an easier decision to make if only one or two computers or websites are affected as opposed to an entire network of devices."

He asserts that if people continue to pay, the attackers will persist. Attackers are also infamous for pushing the envelope, with some documented attacks targeting organisations that have paid ransom before.

ESET recommends that ransomware be considered in the policy structures that deal with disaster recovery. An effective practice to this end is regular backup of critical data with a secure cloud service host.

The Norwegian cyber security firm concludes that proper disaster recovery investment can cost significantly less than paying up for ransomware.