Editorial: Paying ransom means giving in to cyber criminals
If you’ve watched one high-stakes thriller, you’ve heard it.
Watch most crime shows on TV. Read an international suspense novel. The theme has been out there for years.
You don’t negotiate with terrorists. Or kidnappers.
The modern version of that is all about ransomware and the hackers behind it, the 21st-century hybrid of two kinds of criminal. They hijack your device, then say they will happily give it back … for a small (or not-so-small) fee.
Back in the day, kidnapping was more common on a prime-time television show with a daring hero and a dastardly villain than it was in a small suburb of a city like Pittsburgh. Our biggest brushes with hostage situations and terrorism were likely to be Bruce Willis’ “Striking Distance” or Jean-Claude Van Damme’s “Sudden Death.”
But ransomware lets crime happen anywhere and to anyone. A criminal sitting in Kiev or Korea will take any target that presents itself, and the internet opens those targets wide.
That’s why the FBI issued warnings in July. If your screen freezes and a message pops up that says it’s going to take a chunk of money to get it back, don’t do it. Back up your system regularly, and if the worst happens, have your system scrubbed and reload.
Pennsylvania Senate Democrats followed the rules, and it wasn’t cheap. A $30,000 ransom demand was dwarfed by more than $700,000 paid to fix and enhance the system.
TV also teaches us that there will always be the rebel who doesn’t want to listen, the feisty parent who thinks he knows better than the police. For some local agencies, like the Allegheny County District Attorney’s office and the Westmoreland County Housing Authority, paying off the ransomware pirates has seemed like the better deal.
Maybe. Maybe not.
“Even if the victim does pay, there is no guarantee they’ll regain access to the data,” said FBI Acting Special Agent in Charge Greg Nelsen in July.
There’s also no guarantee that the next time the criminals need a cash infusion, they won’t just punch a key and shut your system down again. Paying a terrorist, after all, just teaches them that you will open your wallet.