Things to consider before paying the ransom to cyber criminals

Ransomware viruses become so popular that criminals are coding them one after another. These programs use a military-grade encryption method to render files on the computer useless and then ask to pay a ransom. Unless the author of ransomware is a fool, it is not possible to recover encrypted files in any way except paying the ransom to the criminal. Unfortunately, it is nearly impossible to track down an experienced cyber wrongdoer, and police can not do anything to prevent these cyber crimes. Is there a way to stop these attacks? Maybe not, but to lower the number of them – yes. Simply do not pay the ransom!

Attacker collecting ransoms

What encourages criminals to initiate illegal activities? Money. Consequently, the more money they know they can collect, the more effort they put into creating complex data-encrypting programs. Every time someone pays a ransom, criminals gain more motivation to continue this illegal activity. If people would ignore these attacks and stop paying ransoms, we are sure that these scammers would stop creating tools that bring no revenue. However, we understand that sometimes the data or its replacement price surpasses the price of the ransom, and in some cases, it is better just to pay rather than waste valuable time that can even destroy a business. This is exactly why offenders target employees of huge companies – they know that big organizations and companies are more interested in paying the ransom because they cannot afford to lose years of work in a few hours and start from zero. However, ransomware can affect everyone who owns a computer, so home computer users can become victims, too. We have prepared a short guide for people who are thinking about paying the ransom – hopefully, these tips will make you rethink your choice.

  1. Before paying the ransom, you should check whether the virus has deleted Volume Shadow Copies or not. These copies can be used to restore encrypted data for free. To ease this process, you can use tools like ShadowExplorer.
  2. Visit the NoMoreRansom website to see if malware researchers have managed to create a decryption tool for ransomware that has infected your system. We also strongly recommend you to search the web for newly released decryptors and see if one of them can restore your data.
  3. If you can find no decryption tools, consider whether it is cheaper to pay the ransom or to lose your files. Bear in mind that some viruses ask for a smaller ransom when you pay it during the estimated time period, so definitely think about it.
  4. Understand that cyber criminals are not obliged to provide you the decryption key/software – if they do it, they do it driven by their interest only. They provide the key because if they didn’t, eventually victims would stop paying ransoms. However, research shows that one out of five victims who paid the ransom never received the decryption tool.
  5. Paying the ransom helps cybercriminals evolve more sophisticated malicious ransomware projects, which are going to be used to attack more innocent people.
  6. If you pay the ransom, criminals automatically add you to the list of potential targets again. If you pay once, there is a chance you might pay the second time, too. Besides, we know cases when ransomware authors commanded the victim to pay more money once the initial ransom price was paid.
  7. The decryption tool might appear to be not a digital life-saver, but a malicious software package that carries additional malware. Beware that the decryption tool can contain an example of a different malware, for example, a Trojan or a keylogger. Such programs remain silent on the system and illegally collect personal data about the user, which is later transferred to criminals’ C&C servers.
  8. If you have time, backup encrypted files and be patient. If there is no decryption tool capable of restoring your files at the moment, it does not mean that such tool will not appear in the future. Malware analysts are working hard to crack ransomware codes, and sometimes they succeed to build effective decryption tools that people can download for free.
About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions

Read in other languages