It seems that the FBI is taking an increasingly permissive stance regarding ransomware infections and ransom payments. According to digital forensics specialists, the agency has updated its guide for private companies on how to deal with an encryption malware infection. The updated version includes a section discussing the possibility of paying the ransom to hackers.
This seems like a measure against the victims, so we need to add some context. The FBI acknowledges that paying the ransom may be a viable option, although it maintains its original posture, recommending that victims not pay hackers to regain access to the encrypted files.
In short, the new section in the guide mentions: “Paying the ransom puts criminals in charge and renders any company more prone to be a cyberattack target. However, the FBI recognizes the right of company executives to evaluate and determine the best option to protect the information of their customers, employees and shareholders.”
As we can see, in the event of a ransomware infection, the main recommendation of the US authorities is that companies should under no circumstances try to negotiate with the hackers or pay them a single dollar. “Paying the ransom only generates new victims of cyberattacks, in addition to providing funds for criminals to keep operating, not forgetting that nothing guarantees us that paying the ransom will recover the encrypted information”, the digital forensics specialists say.
Despite warnings from law enforcement agencies and members of the cybersecurity community, there are alternative positions that suggest paying the ransom is the best option. “The fight against ransomware is exclusively up to the authorities, victims should not worry about not encouraging this practice at the cost of losing their files”, some proponents of this approach say.
Digital forensics specialists from the International Institute of Cyber Security (IICS) mention that reporting these incidents is a key element in having a broad picture of how these threat actors operate, so regardless of whether they decide to pay or not, ransomware victims should not stop notifying the authorities of these infections.