{"id":12214,"date":"2016-05-26T09:00:07","date_gmt":"2016-05-26T13:00:07","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=12214"},"modified":"2020-04-10T03:32:35","modified_gmt":"2020-04-10T07:32:35","slug":"why-you-dont-pay-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/why-you-dont-pay-ransomware\/12214\/","title":{"rendered":"Hospital learns the hard way why you don&#8217;t pay ransomware crooks"},"content":{"rendered":"<p>When you are sick, you head to the doctor. However, when your computer is suffering from an infection, you probably shouldn\u2019t ask for your doctor\u2019s advice. At Kaspersky Lab, we often harp on the fact that you should <b>NOT<\/b> pay, if you become infected with ransomware.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/05\/06022146\/dont-pay-ransom-fb.jpg\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/05\/06022146\/dont-pay-ransom-fb.jpg\" alt=\"Hospital learns the hard way why you don't pay ransomware crooks\" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-12215\"><\/a><\/p>\n<p>The reason has multiple facets; perhaps one of the biggest is that you can never trust a criminal. Unfortunately, <a href=\"http:\/\/www.techspot.com\/news\/64954-hackers-demand-ransom-payment-kansas-heart-hospital-files.html\" target=\"_blank\" rel=\"noopener nofollow\">Kansas Heart Hospital<\/a> had to learn that lesson the hard way. You see, they paid the ransom, but they gained access to only some of their files \u2014 and the crooks demanded more money.<\/p>\n<p>It is definitely not a great position for the hospital to be in, but at least they can serve as an example of why infected users should avoid paying to regain access to their files.<\/p>\n<p>Criminals, like ransomware, are constantly evolving. If they see you as an easy mark, you are as good as an ATM \u2014 which by the way <a href=\"https:\/\/www.kaspersky.com\/blog\/invisible-skimmer-at-atm\/12121\/\" target=\"_blank\" rel=\"noopener nofollow\">can also be hacked<\/a> \u2014 lining their pockets to get files back.<\/p>\n<p>Kansas Heart Hospital has learned from its initial mistake in paying and is <a href=\"http:\/\/www.fiercehealthit.com\/story\/hackers-return-more-money-ransomware-attack-kansas-heart-hospital\/2016-05-23\" target=\"_blank\" rel=\"noopener nofollow\">refusing to pay the new ransom<\/a>. The hospital also had plans in place that helped minimize the damage.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Research?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Research<\/a> How educated is the <a href=\"https:\/\/twitter.com\/hashtag\/USA?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#USA<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/Canada?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Canada<\/a> on <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>? <a href=\"https:\/\/t.co\/r8HjypI7gT\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/r8HjypI7gT<\/a> <a href=\"https:\/\/t.co\/XHVyT6s78E\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/XHVyT6s78E<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/735241526347976705?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 24, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Although we would never wish it on anyone, it\u2019s a sad fact that ransomware is here to stay. It has been around for years, but high-profile attacks on hospitals are bringing this scourge of the Internet into prime time. Worse, in regions like North America, <a href=\"https:\/\/usa.kaspersky.com\/blog\/ransomware-study-2016\/7186\/\" target=\"_blank\" rel=\"noopener\">general awareness of ransomware is low<\/a>. Add that to the notion that the <a href=\"https:\/\/threatpost.com\/linkedin-is-latest-contributor-to-breach-fatigue\/118272\/\" target=\"_blank\" rel=\"noopener nofollow\">ethos of hackers<\/a> may be shifting, and we could be seeing a shift of criminal operations in the profitable world of ransomware.<\/p>\n<p>What we recommend everyone do is back up all of your files to an external drive or the cloud on a regular basis, and have a <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_KDpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;_ga=1.228834716.1273636079.1462449050\" target=\"_blank\" rel=\"noopener nofollow\">security solution<\/a> running. This applies to both individuals and companies.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n<p>Some additional articles to keep up to date with the ransomware epidemic.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-10-tips\/10673\/\" target=\"_blank\" rel=\"noopener nofollow\">10 Tips to protect your files from ransomware<\/a><\/li>\n<li><a href=\"https:\/\/threatpost.com\/diary-of-a-ransomware-victim\/117877\/\" target=\"_blank\" rel=\"noopener nofollow\">Diary of a ransomware victim<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-protection-video\/8765\/\" target=\"_blank\" rel=\"noopener nofollow\">How Kaspersky Internet Security protects users from ransomware<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Hospital pays ransomware ransom, does not get files back.<\/p>\n","protected":false},"author":636,"featured_media":12216,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[1638,1514,36,1639,420,422,131],"class_list":{"0":"post-12214","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-criminals-activity","10":"tag-hospital-ransomware","11":"tag-malware-2","12":"tag-ransom","13":"tag-ransomware","14":"tag-threats","15":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/why-you-dont-pay-ransomware\/12214\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/why-you-dont-pay-ransomware\/7198\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/why-you-dont-pay-ransomware\/7245\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/why-you-dont-pay-ransomware\/7172\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/why-you-dont-pay-ransomware\/8398\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/why-you-dont-pay-ransomware\/8264\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/why-you-dont-pay-ransomware\/2156\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/why-you-dont-pay-ransomware\/5707\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/why-you-dont-pay-ransomware\/6352\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/why-you-dont-pay-ransomware\/7846\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/why-you-dont-pay-ransomware\/11566\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/why-you-dont-pay-ransomware\/12214\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/why-you-dont-pay-ransomware\/12214\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/ransomware\/","name":"Ransomware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=12214"}],"version-history":[{"count":9,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12214\/revisions"}],"predecessor-version":[{"id":34776,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12214\/revisions\/34776"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/12216"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=12214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=12214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=12214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}