By District Attorney Summer Stephan
Ransomware is a massive problem that doesn’t just affect corporations. It’s also a danger to ordinary citizens and government entities. Ransomware locks out the rightful user of a computer or computer network and holds the information hostage until the victim pays a fee. Hackers are also known for threatening to leak sensitive information to get victims to meet their demands.
You’ve heard these stories in the news recently, such as the Colonial Pipeline hack, which disrupted a major supply of fuel to the East Coast for about a week in May. The corporation admittedly paid more than $4 million in bitcoin to the criminal hacker group, much of which was recovered by the Department of Justice.
When it comes to getting hacked, many people want to know: should you pay the ransom?
There is no simple answer. But there are practical, ethical, and moral considerations argued by proponents of both sides of this debate. While the unique circumstances of each incident need to be considered by the victim, in most cases the answer is no, you should not pay the ransom. This is the position taken by federal and local law enforcement.
Despite this answer, many high-profile victims of ransomware have chosen to pay the ransom, in the hopes of restoring their systems and operations, with ransom sums in the millions of dollars. These decisions were hopefully made by individuals in positions of power who conducted a cost-benefit analysis and found that it made financial or operational sense for their entity.
While some organizations have made this decision, the practical reasons for not paying the ransom are compelling. Here are reasons we recommend against paying the ransom:
If you fall victim to a ransomware attack, report the incident to your local law enforcement as quickly as possible.
As your District Attorney, I’m committed to increasing communication and accessibility between the DA’s Office and the public. I hope these consumer and public safety tips have been helpful.