Former CIA Officer Jason Hanson Reveals...

Spy Secrets That Can Save Your Life

Get Out Alive

Never Pay a Hacker’s Ransom


Reports of new cyberattacks targeting large corporations seem to be arriving more and more frequently. Last month, another massive cyberattack hit Europe, targeting banks, shipping companies and multinational agencies, some with offices in the U.S., like the pharmaceutical giant Merck.

When trying to access their computer or bank account, victims saw the following message:

If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our encryption service.

This attack was similar to the WannaCry ransomware attack that ripped through Microsoft operating systems in May. But in this case, the hackers planted the virus in MeDoc, a popular piece of Ukrainian accounting software. When MeDoc users updated their software to the latest version, they unknowingly downloaded the ransomware.

Because of the cryptoworm’s origin, businesses and government agencies in Ukraine were hit especially hard. According to CNN, “Officials at Ukraine’s postal service and metro system in Kiev also reported hacking problems.”

Not only that, but computers at the Cabinet of Ministers, the Chernobyl nuclear power plant and ATMs across Ukraine were all affected. The hackers demanded a ransom of $300 in Bitcoin to unlock each machine.

This particular virus was dubbed “ExPetr” because researchers determined it was similar to another ransomware hack called “Petya” that was traced to a group of Russian criminals.



The Devil to Pay

Now, I realize many of you depend on your computers for work, and without access to your files you could be losing out on income. Paying $300 in Bitcoin to have your files restored may seem worth it, but here are four reasons you should NEVER pay a ransom to recover your data:

It might be fake ransomware. Even if you receive an alarming message on your computer like the one above, it actually might be a hoax. According to the company Citrix, in a study of 200 companies that had been the targets of fake ransomware, 63% of the companies ended up paying the ransom even though it was a hoax. Just because you receive an electronic ransom note doesn’t mean your files have been affected.

Criminals are greedy. Let’s say you receive a message that if you pay $300, all your computer files will be restored, and you panic and send the payment right away. Criminals will take this as a sign they can extort more money from you, and they will often ask for more. They may even continue asking for more money each time you make a payment to see how much they can get out of you without restoring your files. Don’t negotiate with terrorists.

They are called criminals for a reason. With the ExPetr cyberattack, the email address that sends you the decryption key is no longer active. Even if you pay the ransom, the hackers can’t send you the decryption code like they claim they will.

Listen to the FBI. According to the Federal Bureau of Investigation, you should never pay a ransom for access to your computer because it emboldens criminals to continue executing these types of crimes. If no one ever paid the ransom, the whole scheme would be a waste of time and cybercriminals would likely move on to another scam.

So what should you do if you receive a ransomware message?

First, disconnect your computer from the network you are on to reduce the chance of infecting other computers. Second, shut down your computer and contact an IT professional who can tell you the best way to save your data from being completely erased.

And of course, as a precautionary measure, make sure you regularly back up all of your files so that if your computer does get hijacked, it’s not that big of a deal.



  • Eddy says:

    You realize that your advice is worthless when it comes to business files. People are going to pay the ransom because it's their only chance to ever retrieve their files. Without the encryption key everything is locked forever, and a technician cannot decipher 256-bit encryption in their lifetime.
    The real solution here, Mr ex cia, is to use online backup like Carbonite or similar, so that all your files are backed up independent of your computer.

    • Jason Crawford says:

      Hey Mr. Eddy,

      I think “Mr ex cia” actually mentioned backing up your system ahead of time as the last point in this article. And honestly, programs like Carbonite are fine for some people, but you’re really better off backing your computer up to a physical hard drive that you store somewhere safe. There’s always a risk that companies like Carbonite will be compromised or have their own system failure. Plus having your personal data stored there may have other risks.

      So I don’t see this advice as being worthless at all. It’s actually very informative for a lot of people who might otherwise not be prepared for such a situation.

  • Doug says:

    If you get that blue screen saying to call “microsoft” to correct the problem, you won’t be calling Microsoft but some extortionists who claim they will clean your computer for $xxx. Then they get you to load TeamViewer or another sharing system and they download all your info for identity theft or further extortion. All you really had to do was press ESC and you would have gone back to your screen. This happened to me and I didn’t know it until I took my laptop to a computer store for an entirely different reason and told them who was cleaning my computer. LOL. Live and learn.

    • Jason Crawford says:

      You’re absolutely right, Doug. I recently got one of these silly messages on my iPhone of all places. Whenever you’re told to contact one of the big tech companies at some random number, you should check with a professional before calling. At the very least, contact that company (Apple, Microsoft, etc.) and confirm that the number you were provided is accurate. Most of the time it will not be.

      Best of luck and I hope your identity is secure. If you haven’t done so already, you may want to consider freezing your credit. Jason Hanson wrote up a step-by-step guide on this some time ago. You can see it here:

  • David says:

    Ikr. I have an iPad, and I frequently get those “your ipad has been randomly selected by Charter to be the one to participate in a survey to give you a $1000 gift card for the e-store of your choice” notices. As much as I like the idea, every time I get that notification, I back out and delete my browser data. I’m pretty darn sure that it’s a scam, but I’m not taking any chances. On the subject of get-rich-quick schemes, however, does anyone here think it’s a bad idea to do Publisher’s Clearing House?
