What happens when you pay the ransom?
Troves of individual, company and public records data is still being held hostage by unknown hackers, who have infected thousands of computers across 150 countries with a ransomware called WannaCry. As there is no decryption tool for the malware until now, users have no choice but to pay up to get back their data.
So what exactly happens when you decide to pay the ransom? Is it just another trick to extract more money or will you get data back? Unlike traditional ransomwares seen in the past, which have automated channels that accept the payment and release data, WannaCry is operated by human operators.
“A manual human operator must activate decryption,” Matthew Hickey, a cyber-security researcher at UK-based firm Hacker House stated post the attacks.
The ransomware message
“Ooops, your files have been encrypted!” That’s the message (shown above) that hit computers across the globe in the first wave of attacks.
The malware then changes the background on the virtual machine’s desktop, locks all of test files, and leaves a text document explaining to the user how to decrypt the files. As most users are not familiar with bitcoins, the manual guides the user on how to obtain them. It also warns them that if they do not pay up within seven days, they could lose their data forever.
The ransom amount ranges from $200 (£155) to $600. Once the user has decided to pay up, three situations are likely to occur:
Situation 1 – You don’t get your data despite paying the ransom
Several victims have claimed that they have been unable to access their files despite paying the full amount. Europol, White House, police agencies and cybersecurity experts have all strongly recommended users to not pay the ransom amount.
Tom Bossert, assistant to the US president for homeland security and counterterrorism, has said that less than $70,000 has been paid to the hackers, and that he was not aware of any payments that led to data recovery. Security researchers, however, have said there have been some recoveries.
In case you have paid the ransom and still do not have access to your files, it is highly advisable that you do not make a second attempt to pay the ransom. It is possible that the hackers may release the data after some days of the payment, but no such indication has come forward so far.
Situation 2 – Negotiate the ransom amount
Some users, particularly from lower economic backgrounds and students, have reportedly negotiated with the hackers and, in many cases their negotiations have worked. For instance a man in Taiwan was hit by the attack told the hackers that he made barely $400 a month so paying $300 was not possible for him. The hackers decided to go easy on him and released his data without any ransom, but not without some harsh words.
“Frankly speaking our Taiwanese campaign seems to b a failure. We have largely overestimated the income of the population of your country,” as sourced by Taiwan News.
In another incident, a user paid as low as $0.43 after negotiating with the hackers. Despite negotiations, there is still no surety that you will get back all your files safely.
Situation 3 – You get all your files back
While most victims hope they get their data back after paying the WannaCry ransom, the percentage of those are extremely low. While there are no official figures, researchers say many users and companies have managed to get back their files after paying the ransom.
Mikko Hypponen, CRO at F-Secure tweeted saying his firm has confirmation that some 200 systems have been decrypted after the ransom was paid, but such a step is still not recommended.
Until a credible decryption tool can be made available, it is strongly recommended that you do not pay the ransom. It will likely only increase your chances of being a victim in future cyber attacks.
In case you are not a victim of the attack yet but own Windows PC, check out Microsoft’s advisory to stay safe from the attacks.