Statistics from Symantec indicate that the average ransomware payment was just over $1,000 in 2017, up almost four times from the average amount in 2015. The numbers are climbing because the tactic works; Symantec also indicates that 34% of all victims globally (and 64% in the United States) are willing to pay to make the problem go away.
Ransomware is the hottest segment of cybercrime, and most businesses can expect to become targets at some point. If you get hit, and you decide to pay the ransom demand to get your files back ASAP, is there any way to recover your money?
Law Enforcement and Ransomware
If you’re hoping that law enforcement apprehends the perpetrators and seizes their stolen funds, you’re inevitably going to be disappointed.
The first known traceable ransomware attacks came from Russia, and along with neighboring Eastern European countries, that’s still one of the most common points of origin. Ransomware can be deployed from absolutely anywhere in the world, however. That’s what makes it so accessible, along with the high degree of anonymity and minimal cost of the attack.
If a ransomware attack originated from another country, you have virtually no hope of ever recovering your money through criminal proceedings brought by the foreign government. It’s still a good idea to report any attacks to the FBI, on the off chance that they catch a perpetrator in the United States and allow you to file a claim against them. Don’t expect this to happen, however; the chances are incredibly slim that the perpetrators will be within your national borders, will get caught and will still have assets to compensate you with after they go through a trial.
Are Chargebacks Possible?
Most savvy ransomware operators demand payment only in the form of cryptocurrency, usually Bitcoin. That’s because it’s easy to “wash” through multiple accounts to keep the recipient anonymous. Once you’ve paid for the cryptocurrency, you can pretty much chalk the money up as a loss.
Some of the less savvy operators still use e-wallet services, credit card processing, or even direct bank transfers. At least one strain that appeared in 2017 (Widia) came bundled with the logos of major credit card companies and a direct payment interface. That can be even riskier than a Bitcoin payment, as the hackers may be attempting to get your account information for further fraud.
But if you’ve already made a credit card or e-wallet payment and restored access to your files, it can’t hurt to get in touch with the bank and see if it can initiate a chargeback. Policies on payments made due to extortion vary significantly by locality and are not always entirely clear. For example, in the United States, the Fair Credit Billing Act does not directly address payments that you were compelled to initiate due to extortion or coercion.
You can ask a bank or credit card company to work with you, but they are likely not legally obligated to reverse the charge. You’ll have the best chance if you save as much evidence of the crime as possible (like messages and screenshots) and if you file a police report.
Cyber Insurance
A proactive measure that vulnerable businesses will want to look into is “cyber insurance.”
Cyber insurance policies for businesses cover a wide range of computer-related fraud and crime. These policies originated as a protection against data loss, espionage and the actions of rogue employees, but lately many are also incorporating ransomware attacks.
You’ll have to check with each insurer to verify that it covers ransomware. Premiums are set based on an overview of your existing security measures along with the results of periodic audits.
Backups: The Only Real Defense
With recovery being next to impossible and criminal prosecution not much more likely, the only real defense against ransomware is a proactive backup plan.
Most businesses will want backups done at least daily, and some may want them as often as every two hours. An automated “snapshot” backup that preserves everything as-is is ideal, along with a solution that backs up to both local secure storage and cloud-based hosting simultaneously.