Paying a ransom is no joke. Being victimized by ransomware can leave you breathless and concerned for the future of your business, and anyone who would inflict this type of harm cannot be trusted. You are dealing with criminals, although if you talk to these guys, they think they are businessmen. They tell themselves, and others, that they are legitimate and doing you a favor by exposing your systems' vulnerabilities. Some of them even act as though they are providing you a service, so you are not victimized by someone worse. Alvaka Networks has witnessed this rationalization first-hand.
If you are like most victims, your backups are no good, and you are out of business until your systems are fixed and re-secured. By now, you are likely concluding that you need to consider paying the ransom to get your data back and get back to doing business. That leads to the inevitable question, “If I pay the ransom, will I get my data back?” That is a prudent question to consider.
If you pay the ransom, will you get your data back?
As of January 2021, Alvaka Networks has been involved in a tremendous number of ransomware recoveries going back to 2014. In every case where the clients paid the ransom, they have gotten the decryption keys needed to recover their data. In every case, the decryption keys have worked to recover all, or nearly all, of the data. There are a few instances where technical problems cropped up that prevented some portion of the data from being recovered, but those situations are in the minority.
So why should you trust these bad guys to give you back access to your data? You shouldn’t, but they do have a vested interest in making good on their promise to provide decryption keys. Why? Because people talk and they know that. If their criminal industry gets the reputation that victims pay the ransom and the ransomware guys don’t give the victims the keys to recover their data, their whole criminal profession goes down the tubes. These bad guys are making a lot of money and they don’t want to kill their gravy train of extortion.
In one recent case, the ransom was paid, but the victim had still not gotten their decryption keys after several days. This was highly unusual. After a “customer complaint” was made on the dark web, peers of the bad guy in question intervened and pressured the individual to “wake up” and deliver the keys. As it turns out, this individual was on a drug binge and not responding; but his peers didn’t want the reputations of the ransomware gangs tarnished, so they intervened. As hard as it is to believe, that is a true story.
If you do decide you need to pay the ransom, we recommend Coveware for negotiating lower ransom demands. They help victims through the process of acquiring Bitcoin and complying with OFAC regulations. OFAC regulations are federal anti-money laundering laws set by the US Treasury Department. Violating those can create new problems for you. Coveware accurately describes themselves as using “proprietary data they collect to help ensure successful extortion negotiations on behalf of victim companies. They also assist victim companies to settle cyber extortion events, procure decryption tools, and assist victim companies through the decryption process in order to help maximize data decryption rates.”
If you have additional questions about ransomware payments and/or want to learn more about our ransomware services, Alvaka Networks is available 24×7, 365 days a year.