What’s your Ransomware response? Do you pay the ransom as demand or leave it alone? According to Microsoft, it is not wise to pay ransom as it demands.
Since 2010, the ransomware has been active, and become a major threat for all users. With the popularity of cryptocurrencies in recent years, ransomware has become a common tool used by hackers. That situation causes a wide discussion about whether victims should pay a ransom to unlock their own devices and files.
At the end of 2015, the FBI was involved in a controversy over ransom issue. Back then, an FBI agent publicly acknowledged that the bureau suggested victims pay ransom in many cases. That shocked many people. Many US senators wrote to ask why the agency is encouraging and helping criminals. Subsequently, the FBI had to change its official position. They suggested people postpone the ransom payment to hackers and report the type of virus timely.
In a recent Microsoft blog, it says, “We never encourage a ransomware victim to pay any form of ransom demand. Paying a ransom is often expensive, dangerous, and only refuels the attackers’ capacity to continue their operations.”
When users pay the ransom, hackers get more money to continue their evil plan to attack more users. Besides, there is no guarantee that users will surely get a ransomware decryption key and recover their data. Many users paid the ransom while their data still was encrypted.
Microsoft suggests that companies should invest in minimizing the attack surface and establishing a reliable backup strategy so as to recover important data from any attack. More precisely, Microsoft recommends that companies follow six simple steps to prepare for a ransomware attack when possible:
1. Use an effective email filtering solution.
2. Regularly patch hardware and software systems, and conduct effective vulnerability management.
3. Use the latest antivirus software and endpoint detection and response (EDR) solutions
4. Separate administrative credentials and privileged credentials from standard credentials
5. Implement an effective application whitelist plan.
6. Regularly back up important systems and files.
Published by Emerson L. Sullivan & last updated on December 27, 2019 1:39 am