Never pay for ransomware - increasingly ransomware is being released that doesn't actually save the encryption key, and so the extortionist just says whatever they think will get you to pay the most money.
There's some interesting game theory at work here. I remember learning in the early days of ransomware that the hackers would typically provide excellent customer service to the targets. They'd always promptly respond to emails or phone calls, and they'd even walk you through the process of buying Bitcoin to send. The premise was that you'll get the highest revenues if you make it as easy as possible for people to pay you - and establish a reputation for actually unlocking the data once you're paid!
Of course, just taking the money and running is a much higher-margin business, but it relies on that established reputation-building. Maybe a good analogy is counterfeit sellers on Amazon.
friend of mine just got his hd encrypted, and i told him to try and talk to the guy instead of just assuming it was just a bot. And indeed he got a conversation going. He’s still unsure about paying, and hope for now that someone will release a decrypter. He’s got all his kids pictures and videos and no other backup..
It's also worth noting that if you pay ransomware, the organization you pay now knows that you (1) are willing to pay, (2) don't have the technical capability to avoid a malware infection, (3) don't have a full backup solution.
Even if the ransomware is removed/disabled after payment, you are more likely to be re-targeted either by the same group or that group may resell your information to rival ransomware groups.
I'm not entirely against paying, but it's a risk calculation and you should know all of the risks.
i have the feeling based on a recent experience that at least for individuals, you’re not really « targeted ».it’s more of a fishnet approach , and then some people will do the hotline to help you pay the bitcoins.
The guy asked my hijacked friend for the equivalent of 200€ in bitcoin. I don’t see anyone spending time specifically on his case for that amount. A skilled hacker able to « target » someone could make much more money actually developing real software.
I'd like to think that any person or company who was hit by ransomware would act quickly to remedy point 3 and, as much as its ever possible, point 2 as well.
Of course, just taking the money and running is a much higher-margin business, but it relies on that established reputation-building. Maybe a good analogy is counterfeit sellers on Amazon.