{"id":10422,"date":"2015-10-30T09:00:12","date_gmt":"2015-10-30T13:00:12","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=10422"},"modified":"2019-11-15T07:00:55","modified_gmt":"2019-11-15T12:00:55","slug":"dont-pay-ransom","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/dont-pay-ransom\/10422\/","title":{"rendered":"To pay or not to pay \u2013 the dilemma of ransomware victims"},"content":{"rendered":"<p>At the Cyber Security Summit 2015 in Boston Joseph Bonavolonta, Assistant Special Agent in Charge of the\u00a0FBI\u2019s CYBER\u00a0and\u00a0Counterintelligence Program in its Boston office, <a href=\"http:\/\/www.scmagazine.com\/cheaper-easier-for-hacked-businesses-to-pay-ransom\/article\/449489\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">revealed how the bureau treats ransomware<\/a>. \u201cTo be honest, we often advise people just to pay the ransom,\u201d Joseph said.<\/p>\n<p>This is a bad practice. Nobody guarantees that your files will be retrieved even if you pay. Are you ready to pay $500 for getting back your son\u2019s photos or would you prefer to spend the money buying him something nice instead?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">FBI recommends that victims of ransomware pay up | efforts to defeat the encryption used have proved futile \u2013 <a href=\"https:\/\/t.co\/RUmFZXkvSr\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/RUmFZXkvSr<\/a><\/p>\n<p>\u2014 SC Media UK (@SCmagazineUK) <a href=\"https:\/\/twitter.com\/SCmagazineUK\/status\/659301301373784065?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 28, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Paying the ransom not only sponsors nice meals for the criminals, but also helps fund their future crimes. When thieves see that malware brings profit they are encouraged continue to deceive people.<\/p>\n<p>You can also try to get your files back for free \u2013 without paying the ransom. Security vendors upload decryption mechanisms online. While investigating cybercriminal activity, police and security experts obtain decryption keys from malicious servers and share them online. So the precious key can be found on specific websites, such as <a href=\"http:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">Kaspersky Lab\u2019s No Ransom<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Criminals behind <a href=\"https:\/\/twitter.com\/hashtag\/CoinVault?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CoinVault<\/a> ransomware are busted by Kaspersky Lab &amp; Dutch police <a href=\"https:\/\/t.co\/r0mP3LDIgr\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/r0mP3LDIgr<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"http:\/\/t.co\/X6ssm0c2UH\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/X6ssm0c2UH<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/644498743023271936?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This autumn a joint investigation by Kaspersky Lab and Dutch police <a href=\"https:\/\/www.kaspersky.com\/blog\/criminals-behind-the-coinvault-ransomware-are-busted-by-kaspersky-lab-and-dutch-police\/9886\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">turned out successful<\/a> in shutting down one ransomware ring that impacted tens of thousands of users in 100+ countries around the world.<\/p>\n<p>We have obtained all the decryption keys for files infected with the CoinVault and Bitcryptor ransomware. The Dutch police even caught the suspects. In total, over 14,000 keys for CoinVault and Bitcryptor were shared on the No Ransom site so that victims can save their hard earned money. If your files had been compromised by any of these two malicious programs, we highly recommend you to obtain decryption keys for free on <a href=\"http:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">noransom.kaspersky.com<\/a> and, of course, do not pay ransom.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Remaining keys for  <a href=\"https:\/\/twitter.com\/hashtag\/Bitcryptor?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Bitcryptor<\/a> &amp; <a href=\"https:\/\/twitter.com\/hashtag\/CoinVault?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CoinVault<\/a>  added to our <a href=\"https:\/\/twitter.com\/hashtag\/Ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Ransomware<\/a> decryptor tool <a href=\"https:\/\/t.co\/Yk1lMiAWwP\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Yk1lMiAWwP<\/a> <a href=\"https:\/\/t.co\/9Fv7EvMGIX\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/9Fv7EvMGIX<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/659739952398409728?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 29, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Cybercriminals are not a new kind of a telecom operator, which provides you with services for money. Sure they can offer you a means of removing their malicious programs, but a criminal is a criminal. If you want to pay, be ready for the fact that they may not actually help bring your files back.<\/p>\n<p>Kaspersky Lab will continue working with Interpol and other law enforcement agencies across the globe to help making Internet a safer place.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>All #CoinVault and Bitcryptor #ransomware victims can retrieve their files for free on noransom.kaspersky.com<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F73JF&amp;text=All+%23CoinVault+and+Bitcryptor+%23ransomware+victims+can+retrieve+their+files+for+free+on+noransom.kaspersky.com+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Unfortunately, there is no panacea for ransomware victims yet. That\u2019s why it\u2019s important to prevent infections: it\u2019s much easier than looking for a way to get encrypted files back.<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com\/blog\/ask-expert-ransomware-epidemic\/9332\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">A good place to start is to make backups<\/a> regularly, especially for all important data: documents with your poetry, drawings, family photos and videos, files from work and so on \u2014 for important and unique things, which would be hard or impossible to recover. However, some pieces of malware can reach even backups.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">All <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> is not equal. Does yours protect you from ransomware? <a href=\"http:\/\/t.co\/Lnb4Rq7foJ\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/Lnb4Rq7foJ<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"http:\/\/t.co\/CfbWbfl3HC\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/CfbWbfl3HC<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/644627001949704193?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The most convenient way to protect your files from ransomware Trojans is to use the <a href=\"https:\/\/www.kaspersky.com\/blog\/tip-of-the-week-cryptoware\/6199\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">System Watcher module<\/a> integrated into <a href=\"https:\/\/kas.pr\/iB4t\" target=\"_blank\" rel=\"noopener\">Kaspersky Internet Security<\/a>. It can keep local protected copies of important files and revert changes made by crypto malware. So if you use <a href=\"https:\/\/kas.pr\/iB4t\" target=\"_blank\" rel=\"noopener\">Kaspersky Internet Security<\/a>, make sure that the module is turned on.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While FBI recommends victims to pay the ransom, Kaspersky Lab won back the access to the files for dozens of thousands of CoinVault and Bitcryptor victims.<\/p>\n","protected":false},"author":522,"featured_media":23192,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[1302,1061,772,192,420,1301,422,154],"class_list":{"0":"post-10422","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-bitcryptor","10":"tag-coinvault","11":"tag-police","12":"tag-protection","13":"tag-ransomware","14":"tag-scurity","15":"tag-threats","16":"tag-viruses"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/dont-pay-ransom\/10422\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/dont-pay-ransom\/6208\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/dont-pay-ransom\/6410\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/dont-pay-ransom\/7164\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/dont-pay-ransom\/6848\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/dont-pay-ransom\/9567\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/dont-pay-ransom\/5794\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/dont-pay-ransom\/6356\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/dont-pay-ransom\/9373\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/dont-pay-ransom\/9567\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/dont-pay-ransom\/10422\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/dont-pay-ransom\/10422\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/bitcryptor\/","name":"bitcryptor"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=10422"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10422\/revisions"}],"predecessor-version":[{"id":30376,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10422\/revisions\/30376"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23192"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=10422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=10422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=10422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}