Microsoft "never promotes users to pay ransomware money"


Network security | Since ransomware became a leading threat in the mid-2010s, people have been arguing a lot about proper handling of a ransomware attack and whether or not to pay a ransom.

A necessary point of this debate is the "official advice" from the various companies or government agencies given to the victim. For example, in late 2015, one of the FBI agents publicly admitted that they often asked victims to pay ransom.

At the time, many were shocked to learn that the FBI was protecting victims by paying ransomeware to make criminal gangs more profitable.

The FBI (Federal Bureau of Investigation) changed its position the following month, specifically in 2016, after US senators sent a letter to "ask" why the agency was helping. Crime.

Since then, what the FBI needed to do was delay the victim's decision to pay the ransom and not have any formal advice. Instead, the agency only asked one thing: victims should report their infected case so they can classify which ransomware group is the most active today and have an overall awareness of the whole. " disease "ransomware.


 
The FBI's initial advice on dealing with ransomware infections caused a lot of endless debate on the internet. It's all around the question of whether to pay a ransomware ransom. And the position of each company and agency is different in this topic.

Microsoft: We do not encourage users to pay for ransomware

In a blog post today, Microsoft first revealed its position on the matter.

"We never encourage ransomware victims to pay any kind of ransom request," said Ola Peters, senior cybersecurity consultant at the Microsoft Detection and Response Team (DART), a group Official company to handle the incident.

"Paying ransom is often very expensive, dangerous and only provides additional energy for them to continue raging," Peter added.

However, Microsoft also understands that, in many cases, organizations sometimes have only one option to pay the ransom, because they do not have access to recent backups or encrypted ransomware. these backups.

But even if the victim chose to pay the ransom, Microsoft warned that "paying cyber criminals to get the ransomware decryption key does not guarantee that your encrypted data will be recovered."

For example, the decryption key may not work, the decryption application may contain errors and eventually destroy data, or the ransomware gang may have lost the original decryption key and could be a scam.

Instead, Microsoft wants companies to take an proactive approach and regard ransomware or any other form of network attack as "a problem that can happen at any time" rather than "yes." is not".

Microsoft says companies should invest in minimizing possible attacks and need a solid backup strategy so they can recover from any attack. More precisely, the software giant recommends companies take these six simple steps to prepare for ransomware attacks, whenever that happens:

1. Use solutions must filter emails effectively.
2. Regularly patch software systems as well as hardware and effectively manage vulnerabilities.
3. Use an up-to-date antivirus program with endpoint detection and response (EDR) solutions.
4. Separate administrative and privilege information from standard logins.
5. Make a whitelist (whitelist) for effective applications.
6. Regularly back up important systems and files.