Sometimes authorities flip-flop on a position and later take a stronger stance as new findings about a situation emerge. That is what has happened with the FBI and its recent position on ransomware: it is now suggesting that companies should not pay the ransom fee to get their data back.
We recently published a piece on why you shouldn't pay a ransomware fee to get your data back. Within the publication, we revealed many reasons as to why paying the ransom fee on systems that have been infected with a destructive encryption-type threat is not a good idea. While many of those reasons make perfect sense, the FBI is just now adhering to them in their latest advisory to companies that may be afflicted with recent ransomware threats.
During October of 2015, Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI's Cyber and Counterintelligence Program, disclosed details about how the FBI handles ransomware. The disclosure hinted that companies whose systems are infected with crypto-ransomware should pay the ransom fee to get their data back. At the time, the FBI drew a bit of criticism, and some overreaction, for the idea of encouraging companies to pay cybercrooks money to get their data back.
As it turns out, the latest update on the FBI's stance on ransomware is that they are NOT recommending that companies pay the ransom fee. The strong stance comes on the heels of the FBI questioning Bonavolonta's statements, which did not sit well with officials at the FBI.
There is no question about how severe recent encryption ransomware threats have been: they hold an infected system for a ransom fee that sometimes amounts to over $1000. When an authority as well-known as the FBI makes a suggestion to companies, the companies usually listen. Unfortunately, the FBI's original suggestion to companies on dealing with ransomware threats was hastily made. Because of that, the FBI has recanted the stance taken by Mr. Bonavolonta and is now strongly urging companies not to pay the ransom fee as a solution to ransomware threats that have taken hold of infected computers through file encryption.
Deputy Assistant Director of the FBI's Cyber Division, Donald J. Good, responded to the recent issue clearly stating, "The FBI does not advise victims on whether or not to pay the ransom." He also added that "The FBI advises that the use of backup files is an effective way to minimize the impact of ransomware and that implementing computer security best practices is the most effective way to prevent ransomware infections."
In his response letter, Mr. Good also made clear the FBI's stance that, when all precautions have been taken to combat ransomware, the victim's alternative is to pay the ransom. However, he mentions that the decision is ultimately the victim's choice alone.