Microsoft Finally Revealed Its Stance On Paying Ransomware Demands

In mid-2010, ransomware became the most common threat online and since then there has been a debate about how to deal with it, whether to pay a ransom or not.

The major point of concern has been the advice that many government and private agencies have been giving. As in 2015, one of the FBI agents said publicly that bureau endorses that victims should pay the ransom demands. This started a controversy and many were shocked to see that the FBI was favoring the criminals in increasing their profit.

However, a few months later in 2016 after US senators questioned the Bureau about why they were supporting criminals, the agency changed its official statement. FBI now holds a stance of deferring the decision to pay ransom demands, without formal demands.

The agency only requests victims to report infections so the active ransomware strains and groups can be identified.

Many companies have been sharing their stance about the merits of paying a ransom demand. Recently Microsoft revealed its stance saying they do not support victims paying any kind of ransom demand.

Ola Peters, Senior Cybersecurity Consultant for Microsoft Detection and Response Team (DART) said it is often expensive and dangerous to pay a ransom and would encourage the criminals to carry more attacks.

Microsoft also admits that at times the affected organizations have no option but to pay a ransom as at times there is no access to recent backup or even the backup is ransomware encrypted. However, there is a possibility that even after paying the ransom to get ransomware decryption key, the encrypted data might not be restored.

There are chances that the decryption key might not work or have bugs that might destroy the data. At times ransomware gangs lose the original decryption key and play a scam by giving the fake decryption key.

Therefore, Microsoft suggests companies to pro-actively respond to such attacks and take firm decisions against it. According to Microsoft, companies must invest in reducing the vulnerabilities and create strong backups that would help to recover from any kind of attack.

The company suggested the following six steps related to how to respond to ransomware attacks:

1. An effective email filtering solution must be used.

2. Hardware and software systems patching and effective vulnerabilities management on a regular basis

3. Use the latest antivirus and endpoint detection and response (EDR) solution

4. Keep administrative and privileged credentials separately from standard credentials.

5. An effective application whitelisting program must be implemented

6. Critical systems and files must be backed up regularly.

Microsoft Finally Revealed Its Stance On Paying Ransomware Demands

Read next: Experts Suggest You Shouldn’t Reboot PC After Ransomware Infection
Previous Post Next Post