The FBI has issued new guidance saying that in some cases, victims of ransomware should pay up to hackers in order to get your data back.
Until recently, law enforcement has had a very tough stance on ransomware – which was basically, to not give in to criminal demands, as doing so will only incentivise other criminals to do the same.
Instead, companies need to make sure they don’t become victims of such an attack in the first place, they need to keep fresh backup copies of their crucial data and they need to educate their employees on the dangers of ransomware and phishing (most popular method of spreading ransomware).
However, in a freshly updated guidance, the FBI says that there are some scenarios in which it’s OK to pay ransom.
"Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals," the FBI's advice reads. "However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."
But this could also mean that the FBI has found new ways to find the perpetrators, and that would require a money transfer.
"Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement," the guidance continues. "Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under US law, and prevent future attacks."