In the wake of last week's ransomware attack that caused turmoil for the NHS and many other organisations, we're now even more aware of just how devastating a cyber attack can be. But the question is... should you pay the demand?
Short answer - never. Sure, when a notification pops up on your screen that threatens to encrypt some of your most irreplaceable files, it's easy to feel the urge to pay the ransom. But there's a reason why cyber security experts encourage people to avoid parting with their money.
What would happen if I paid the ransom?
WannaCry (also dubbed WanaCrypt0r) has encrypted 200,000+ computers, and the hackers behind the attack are charging $300 to $600 to let you restore access. But this is where the first issue with paying crops up. Once you have paid, there is no guarantee of receiving access to your files. In fact, it's very unlikely that you will receive anything at all.
Common sense would put this down to a natural inability to trust a criminal, especially one who is committing a crime against you. But the issue goes further than that. For instance, much has been made of the sloppiness of WannaCry's coding and design, which has meant that a human operator must activate the decryption manually. Victims are expected to contact the criminals so they can obtain a 'key' to unlock their files. But, given the attention that WannaCry has received, it's unlikely that anyone would answer your contact request.
If you pay the ransom, you are more than likely going to send Bitcoin that will sit in an address forever.
Am I really a target?
With 54% of UK companies hit by ransomware last year, there's no shortage of targets. In fact, 40% of the emails we received last year contained ransomware. But, although ransomware can target all kinds and sizes of businesses, hospitals are one of the main targets. As seen in the cyber attack on the NHS, hospitals and health organisations are always popping up in the news as the latest victims, forking over mounds of Bitcoins to get their systems back up. Because of the critical nature of their infrastructure, if hospital data is inaccessible, it can be a matter of life or death, and cyber criminals know that. In fact, they’re banking on it.