It seems that the FBI is taking an increasingly permissive stance regarding ransomware infections and ransom payments. According to digital forensics specialists, the agency updated its guide for private companies on how to deal with an encryption malware infection. The updated version includes a section discussing the possibility of paying the ransom to hackers.
This may seem like a measure against the victims, so we need to add some context. The FBI acknowledges that paying the ransom may be a viable option, although it maintains its original posture, recommending that ransomware victims not pay hackers to regain access to the encrypted files.
In short, the new section in the guide mentions: “Paying the ransom puts criminals in charge and renders any company more prone to be a cyberattack target. However, the FBI recognizes the right of company executives to evaluate and determine the best option to protect the information of their customers, employees and shareholders.”
As we can see, the main recommendation of the US authorities for companies hit by a ransomware infection is not to try to negotiate with the hackers or pay them a single dollar under any circumstances. “Paying the ransom only generates new victims of cyberattacks, in addition to providing funds for criminals to keep operating, not forgetting that nothing guarantees us that paying the ransom will recover the encrypted information”, mention the digital forensics specialists.
Despite warnings from law enforcement agencies and members of the cybersecurity community, there are alternative positions that suggest paying the ransom is the best option. “The fight against ransomware is exclusively up to the authorities, victims should not worry about not encouraging this practice at the cost of losing their files”, some proponents of this approach mention.
Digital forensics specialists from the International Institute of Cyber Security (IICS) mention that reporting these incidents is a key element in having a broad picture of how these threat actors operate, so regardless of whether they decide to pay or not, ransomware victims should not stop notifying the authorities of these infections.