Paying Ransoms to Hackers Stirs Debate


WASHINGTON—The Federal Bureau of Investigation is wrestling with an increasingly common type of computer hacking, one that requires victims to pay ransom to get their personal data back.
At a computer security conference in Boston last month, FBI Assistant Special Agent in Charge Joseph Bonavolonta said certain types of “ransomware” are so good that “to be honest, we often advise people just to pay the ransom.”
Ransomware is a form of extortion, in which hackers infiltrate a business’s or an individual’s computer, encrypt the personal data, and then demand a payment to decrypt it, usually ranging from $200 to $10,000. Certain types of ransomware, commonly known as Cryptolocker and Cryptowall, are so effective that they make it close to impossible to recover the data if the victim has not made backup copies. Victims of ransomware are reluctant to talk about it out of fear of being targeted again.
Mr. Bonavolonta’s remarks, reported earlier by securityledger.com, have prompted debate about whether the FBI is encouraging, directly or indirectly, behavior that leads to more hacking.
FBI spokeswoman Kristen Setera declined to say if FBI officials recommend paying ransom to hackers, as Mr. Bonavolonta stated. She said the agency “works closely with the private sector so that companies make informed decisions in response to malware attacks.” She also said companies can prevent malware infection by using backup and detection systems.
In June, the FBI said that there had been nearly 1,000 Cryptowall-related complaints over a 14-month period, with victims reporting losses totaling more than $18 million.
“I don’t think it’s an official FBI policy that U.S. citizens pay extortion,” he said. “But if you get hit with this and you don’t have a backup, your options are pretty limited. … You can leave your data encrypted or you can pay them.”
This is not the first time the issue of ransom payments and the FBI’s role in advising victims has become a hot topic. Earlier this year, government officials said the FBI helped the family of Warren Weinstein, who had been kidnapped by the Pakistan Taliban, try to make a ransom payment. The effort was unsuccessful and Mr. Weinstein later died in a U.S. drone strike, along with an Italian hostage.
That case and others led to a fierce debate about how the U.S. should respond to demands for ransom from international terrorists or kidnappers. It has also led to the appointment of a White House coordinator for such cases to try to better communicate and advise the families of those kidnapped.
There are some similarities to the debate over ransomware—though, of course, the stakes are far lower when someone’s data, not their life, is in jeopardy, and the ransom demand can be as little as a few hundred dollars.
In cases where the ransomware software is effective and the ransom demand is relatively low, telling someone to pay up can be good advice, experts said. “I think it is the right assessment,” said Shuman Ghosemajumder, vice president of strategy at Shape Security. “However, in terms of advice for an individual user, they should never just blindly pay the ransom. Regular users aren’t going to know the difference between less-sophisticated and more sophisticated ransomware. They should always get a professional opinion,” he said.
Credits: wsj.com

