Ransomware has become one of the most dangerous kinds of malware. Its end goal is to steal your important data, which it does by encrypting it and then demanding a ransom in order to decrypt it. There are many ransomware strains out there, but they all have two things in common: they demand payment for giving you access back to your own files, and they often start with phishing emails that trick people into opening attachments or clicking links. It’s not always clear when you should pay up or just cut your losses.
Ransomware: To Pay or Not to Pay?
The first thing to do when getting hit with ransomware is see if paying will actually work. Some variants retain the encryption key even after being paid off, while others use Bitcoin transactions that can be tracked down, meaning that those who pay may not get their files back.
If you think you can recover your files and your ransomware is one of the variants that accepts payment, then it’s a question of whether or not paying will be worth it to you.
If you have backups, there’s no reason to pay; if not, you need to weigh up the cost of either recovering your files (if possible) or losing them for good (if they were particularly valuable) against the expense of buying cryptocurrency like Bitcoin in order to send payment.
It might be easier said than done – but most ransomware notes include an address where the money should be sent and specify which cryptocurrency is expected, so it shouldn’t be too hard once you know how.
The other issue is that paying will encourage the ransomware authors to continue their work, making your computer less secure in the future. It’s important not to give into these criminals no matter what – even if it feels like they’re winning. When you do get hit by ransomware, whatever you do, don’t pay up!
Recover Your Files If You Can
If you think there might be a chance of recovering your files without payment, don’t waste time; start trying to fix the problem right now.
The longer you wait before taking action, the less likely you are to succeed at either recovering or decrypting your data – and the more likely it is that someone else will have paid up before you manage anything!
A few ransomware strains can be decrypted without payment, but that’s certainly not guaranteed.
To recover your files once you have been infected with ransomware, do not pay the ransom and do not delete any of your encrypted files.
Instead, disconnect from the Internet (if possible), then follow our guide for specific instructions on how to remove malware completely . As soon as you can, start trying alternative methods for recovering your data , such as:
- Backups: Check whether backups exist or if they can be restored; if so, recovery should be easy!
- Volume Shadow Copies: This is a backup feature built into Windows (enabled by default). Restoring an older version of a file may allow you to decrypt it since some ransomware strains don’t tamper with older files.
- File Recovery Software: There are a number of free utilities that can be used to salvage encrypted files.
- Bring Your Own Keys: Services like IDrive have the ability to help you recover some or all of your data for free, using their own private keys. Note that this is not guaranteed, and they will only work if the ransomware hasn’t managed to encrypt all of your files before locking you out!
Paying is not recommended for various reasons, but ultimately it depends on how desperate you are to get your files back. Some ransomware programs have the ability to decrypt files without payment after certain time periods or possible detection of decryption key. It is best to avoid paying ransoms whenever possible because it only encourages the attackers’ efforts and may even be a scam. If you are able to recover your data without payment using one of the methods above, there is no reason to send money.