ShareThis Page
Editorials

Editorial: Paying ransom means giving in to cyber criminals

| Sunday, Sept. 23, 2018, 6:33 p.m.
A worker is surrounded by computer monitors in the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Wednesday, Aug. 22, 2018. The center serves as the hub for the federal government's cyber situational awareness, incident response, and management center for any malicious cyber activity. (AP Photo/Cliff Owen)
A worker is surrounded by computer monitors in the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Wednesday, Aug. 22, 2018. The center serves as the hub for the federal government's cyber situational awareness, incident response, and management center for any malicious cyber activity. (AP Photo/Cliff Owen)

If you’ve watched one high-stakes thriller, you’ve heard it.

Watch most crime shows on TV. Read an international suspense novel. The theme has been out there for years.

You don’t negotiate with terrorists. Or kidnappers.

The modern version of that is all about ransomware and the hackers behind it, the 21st-century hybrid of two kinds of criminal. They hijack your device, then say they will happily give it back … for a small (or not-so-small) fee.

Back in the day, kidnapping was more common on a prime-time television show with a daring hero and a dastardly villain than it was in a small suburb of a city like Pittsburgh. Our biggest brushes with hostage situations and terrorism were likely to be Bruce Willis’ “Striking Distance” or Jean-Claude Van Damme’s “Sudden Death.”

But ransomware lets crime happen anywhere and to anyone. A criminal sitting in Kiev or Korea will take any target that presents itself, and the internet opens those targets wide.

That’s why the FBI issued warnings in July. If your screen freezes and a message pops up that says it’s going to take a chunk of money to get it back, don’t do it. Back up your system regularly, and if the worst happens, have your system scrubbed and reload.

Pennsylvania Senate Democrats followed the rules, and it wasn’t cheap. A $30,000 ransom demand was dwarfed by more than $700,000 paid to fix and enhance the system.

TV also teaches us that there will always be the rebel who doesn’t want to listen, the feisty parent who thinks he knows better than the police. For some local agencies, like the Allegheny County District Attorney’s office and the Westmoreland County Housing Authority, paying off the ransomware pirates has seemed like the better deal.

Maybe. Maybe not.

“Even if the victim does pay, there is no guarantee they’ll regain access to the data,” said FBI Acting Special Agent in Charge Greg Nelsen in July.

There’s also no guarantee that the next time the criminals need a cash infusion, they won’t just punch a key and shut your system down again. Paying a terrorist, after all, just teaches them that you will open your wallet.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.

click me