Experts: Ransomware hackers count on confusion, panic to bilk victims

Daniel Uria
Ransomware attacks, experts say, are often confusing and sometimes very difficult to resolve. File Photo by MilousSK/Shutterstock
Ransomware attacks, experts say, are often confusing and sometimes very difficult to resolve. File Photo by MilousSK/Shutterstock

June 26 (UPI) -- The recent decision by a South Florida city to pay cyber terrorists $600,000 to retake control of government computers has drawn criticism from the public and law enforcement.

After similar ransomware attacks severely crippled systems in Baltimore and Greenville, N.C., the city of Riviera Beach, Fla., opted by unanimous vote last week to avoid the headache by paying 65 bitcoins for a decryption key that would retrieve its files. Those bitcoins were worth hundreds of thousands of dollars.


Nearly seven weeks after the attack, some Baltimore systems are still down, and it's not clear whether the city can recover its seized files.

Many were surprised at Riviera Beach's decision to pay, and the FBI and most security officials advise against it. There's no guarantee the data will be recovered -- and it sets a potentially dangerous precedent.

RELATED Florida city votes to pay $600K ransom after latest cyberattack

Zohar Pinhasi, CEO of cybersecurity firm MonsterCloud, told UPI some hackers use hastily produced ransomware that often damages the files it holds hostage. If there's a problem, they certainly won't be of any help.

"You expect to actually pay the ransom and receive a key that will unlock everything, but in reality, it will only unlock the encrypted data. It will not unlock the corrupted data," Pinhasi said. "They just want to get their money and they're going to leave. They don't really care about anything else."


Alex Heid, chief of research and development at SecurityScorecard, said ransomware attacks sometimes are difficult to resolve because no one's there to take the payment.

RELATED Hack that cost Baltimore $18M a mystery after experts eye NSA link

"Most companies that get hit by ransomware, there's someone on the other side to actually receive the payment," he said. "But it has happened where essentially ransomware campaigns become ghost ships not really run by anyone, so there's no one to pay to unlock them."

Heid said another reason not to pay the ransom is "white hat" hackers -- those working for the good guys -- will usually crack the encryption, anyway, at no cost. But there is a price of another kind.

"The downside is you have to wait," he said. "If you're operating a business losing revenue by the day ... that's what the attackers are betting on."

RELATED Cyberattack ruled out for South America power blackout

Heid and other experts recommend that governments or businesses resist the "initial shock" of the ransom demand and the impulse to get files back.

"No one ever just gets hit once by this kind of attack or any kind of extortion, They hit you for a small amount and they keep coming back because they know you're inclined to pay out," he said.

Authorities have found the attacks against Riviera Beach, 75 miles north of Miami, and Baltimore were phishing attempts, a tactic in which hackers pose as a trustworthy source to coerce people into clicking links that give access to their computer systems.


Experts say the best way to protect against such attacks is to stay informed about the cyberattack landscape, and keep computer systems and protections up-to-date.

"These attacks are successful because they're banking on the inexperience of the user," Heid said, "from the infection process through the ransom process."

"Education is the key," Pinhasi added. "Ransomware is an ever-evolving industry. What I know right now maybe doesn't apply 10 to 15 minutes from now."

Latest Headlines