I’ve dealt with two ransomware situations so far.
One of them started with a zero-day; during a routine virus scanner signature update about a day later we caught it, but it had already encrypted hundreds of files. The encryptor was heavily resource-throttled so that it didn’t make the infected PC unusable, which is why we didn’t get hit harder.
The other one was a spear-phish of the email of a research scientist, and it hammered a small non-profit that I do occasional pro-bono work for. They ended up losing a lot of files, sadly.
As in every case when I’ve contacted the FBI about a computer crime, they basically said two things:
- don’t pay the ransom.
- sucks to be you, because we don’t have time for this petty nonsense, goodbye.
This is in stark contrast to the two times the FBI has come to me - in those cases they said:
- you really want to co-operate with us instead of being part of a conspiracy.
- give us the computers on this list and say nothing to anyone.
My personal philosophy is that extortionists should never be paid no matter how much damage they do. So far I’ve managed to convince the victims to see my point of view.