A variant called “leakware” or “doxware” instead threatens to publicize your personal data, often also encrypting the files. Lock screen ransomware does not encrypt anything, but just locks access to your computer. Some lock screen ransomware coders claim to be law enforcement demanding a fine.

Many organizations find it is cheaper and easier to pay off the crooks than to try to recover their data. However, there are very good reasons not to pay the ransom, even if not doing so causes you major problems.

Why Should You Never Pay?

Here are the reasons why you should, simply, not give money to ransomware criminals:

  • You’re painting a target on your back. Extortionists come back to people they know they can successfully extort. Paying the ransom greatly increases your chance of being attacked again.
  • Overall, these crooks are raking in the money. CryptoWall ransomware made an estimated $325 million. The more money they make, the more they will resort to this particular scam. The FBI cannot simply extradite these people, as they tend to hide in Eastern Europe and other places without extradition treaties.
  • Not all victims actually get their files back. Many times, you will pay up, and still not get your data, or get a second demand. Some criminals code their ransomware so badly that they can’t actually decrypt your files. Others simply had no intention of actually decrypting your files. Or, you were hit by “wipeware” and your files were actually deleted.
  • Poorly coded ransomware can also damage your data, so even if they do keep their word, you may still have data loss.
  • If you don’t already have a bitcoin wallet or similar, it can take days to set one up.
  • In some cases, the ransom note itself is a lie. Lock screen ransomware may falsely tell you your files have been encrypted when they haven’t. There has recently (as of January 2019) been a rash of doxware/leakware hoaxes, in which the hacker claims to have stolen files when they have not. The most common is called ‘sextortion’, when hackers claim to know what porn you watch and will tell all your friends what it is if you don’t pay up. These are hoaxes, and needless to say there is no need to pay anything.

What Should You Do Instead?

If you have become a victim of ransomware, then you may feel as if you have no alternative but to pay up. In some cases, this may be true. If they have encrypted sensitive files and you don’t have clean backups, and need those files, then paying may be your only option. However, there are some things you can try first:

  1. Disconnect the computer from the internet and your local network to keep the infection from spreading. Some ransomware programs are worms.
  2. Report the incident to law enforcement. Many victims don’t report, and this is slowing down the ability of the FBI, US-CERT, and others to come up with tools to deal with the problem.
  3. Make sure you aren’t a victim of “scareware.” Look to see if anything has actually been encrypted. One recent scareware hoax put Safari on iOS into an infinite loop, and could be dealt with simply by emptying the cache.
  4. Restore from backups. Some ransomware will encrypt your backups. Some won’t. You may be able to find that at least one of your sets of backups (you have more than one, right?) is unaffected.
  5. Use a ransomware decryptor. Leading antivirus companies including Avast and Kaspersky have free decryptor tools. It’s worth at least trying these tools. They may not help, but they may. ID Ransomware will help you identify the threat so you can use the appropriate decryptor. Another good site to check is nomoreransom.com, which helps you identify the ransomware and tells you whether a key is available. Be wary of other sites, as one scam is to offer to help you with ransomware…and sneak in malware of their own while they are at it.
  6. Use a data recovery service. Note that in some cases this can cost more than the ransom, so while paying is inadvisable, the ransom can sometimes be the option a victim can afford.
  7. Clone your entire hard drive to a cheap external drive. It might be that even if there isn’t a key now, there will be in the future. You will also want to run a full malware cleanup.

How Do You Protect Yourself?

How do you protect yourself from ransomware in the first place? Like other malware, it is much easier to prevent than fix. Here are some tips:

Keep good backups

If you have multiple people, consider doing a “ransomware drill” with a simulated attack. You should be able to get everything back up and running within an hour or so. Some ransomware will encrypt local backups, so cloud backups are a good addition. Critical data should be backed up on a hard drive which is then disconnected, a cloud service that is not set to automatically back up, or a USB drive. This prevents the ransomware from encrypting the backups as well.

Practice good cyber hygiene

The vast majority of ransomware attacks are trojans. Never click on links in emails or Facebook Messenger, but rather enter the URL manually. Run a good adblocker. Keep anti-virus and VPN software up to date.

Educate yourself and your family members about scareware and ransomware hoaxes, so if you come up against one you won’t panic.

Be extra careful if you are in certain sectors

Ransomware crooks like, for example, to go after hospitals and other medical organizations, who can’t afford even a few minutes without access to medical records.

Always install the latest software patches

Many of the companies hit by the infamous WannaCry ransomware worm were hit after Microsoft released a patch to close the exploit it used, in some cases weeks after.

Never click on a popup that advertises malware removal.
