Paying a ransom only reinforces the act of holding for ransom. Don't pay it.
Here’s the situation. You’re minding your business, doing things on your computer, tablet, phone, whatever, and an error message pops up. But this isn’t an ordinary message; this one tells you that all your files have been encrypted, and that if you don’t pay some money to get the encryption key, you lose everything.
A gross, disgusting insult to all that is fair in the universe. If this kind of thing doesn’t strike you as grossly unfair, you’re not a human being.
It’s called ransomware, and it seems to be the latest rage in the world of computer viruses.
And every time I watch the news people talking about it, or read some article about it, I keep seeing the same conclusion: there’s often no way of decrypting the files, so you might have to just pay it.
The logic is simple: assess the value of your kidnapped information, and compare that to the cost of the ransom. If the ransom amount doesn’t justify the value of the information, let it go. If the cost of losing the information exceeds the ransom, pay it, and move on with your life.
Except it isn’t.
The truth: paying ransom is morally, ethically, wrong. It doesn’t just cost you money, but it hurts others by enabling and reinforcing the very act of hijacking/kidnapping in the first place.
If it were a person, I could understand. If it were my daughter, I’d have a hard time saying to the kidnapper, “do what you must; for I choose to not reward you for your evil.” I wouldn’t be able to; not if my baby girl’s life is at stake. But we’re talking about some computer data.
It can be a lot of work. If I were to churn out 100,000 words for a new book, for example, with multiple layers of edits, and for some reason not have the usual ten backup copies scattered about, I would have a difficult time letting that much work be destroyed. But I would have to let it go, because for the good of all, it doesn’t serve to reward the people who spread these kinds of software. Just think: every time someone pays a ransom, at least a thousand more people will have their data held for ransom.
Even in the case of business, where the loss of data might set back the company some huge amount. Business is, at the end, about people. And I as a client would lose respect for a business if I learned they’d paid to support that sort of thing. I’d actually prefer if they lost my whole file or case or whatever it is and say to me, “we have a policy of not supporting terrorists.”
Such a business would earn my business, assuming they found a new IT person, of course.
I don’t know why the news media can suggest we just pay the ransom, but it seems to be presented as a perfectly legitimate solution every time.
It’s not. Unless someone’s life is at stake, paying a ransom is ethically, morally wrong. It only creates more ransomers, and ensures others will suffer a similar fate. The very act of paying a ransom perpetuates the very existence of this bullshit.