It’s been barely 19 months since the CryptoLocker virus started infecting computers around the world, but in that relatively brief time it has made a significant impression on thousands (some say millions) of computer users. It has also spawned a whole new category of cyber-criminal activity, known as encrypting ransomware.
Unlike earlier infections of this type, CryptoLocker and its successors follow best practices in their encryption methods. As a result, a user whose data files have been encrypted by one of these recent incarnations stands virtually no chance of successfully decrypting their encrypted files on their own.
The best way to recover from such an infection is to restore the files from a recent, unencrypted backup. But many users have discovered, too late, that their backups are nonexistent or, worse, have also been encrypted by the ransomware. In that case, the only reasonable chance of recovering those files is to pay the ransom.
But, is this a viable option? You will hear different opinions from different sources, many with their own built-in bias. I believe the most clear-headed, rational discussion of this issue appeared recently in a post by the British anti-virus software company Sophos, in their Naked Security newsletter. The article is titled “Ransomware – should you pay?” Here is a link to it: https://nakedsecurity.sophos.com/2015/03/19/ransomware-should-you-pay/.
In the way of full disclosure, this article pretty much mirrors the advice I have been dishing out on the subject for quite some time. While paying the ransom is distasteful to everybody, from a pure business standpoint it is frequently the most cost-effective option. You’ll find more of the pros and cons in the article.