Malware victims should pay Bitcoin ransom

     An FBI agent has advised victims of malware such as the Bitcoin ransomware Cryptolocker to pay a Bitcoin ransom if they want to see their data again.

     Joseph Bonavolonta, who oversees the SEC 's Boston office, told executives at a cybersecurity summit on Wednesday that they'd better pay the ransom.

     According to a June FBI report, the amounts ranged from $ 200 to $10,000. Bonavolonta said:

     "The amount of money these criminals are asking for is huge, and that's because the vast majority of organizations will just pay the ransom...To be honest, we often advise people to pay the ransom."

     Programs like Cryptolocker and Cryptowall are often spread through phishing emails, demanding Bitcoins to unlock files they have encrypted on the user's computer.

     The FBI said it received 992 complaints about Cryptolocker in a 14-month period, with victims reporting losses of $18 million. “Criminals like Bitcoin because it is easy to use, fast, public, decentralized, and offers enhanced security or anonymity,” the report reads.

     Because ransomware has found such massive success, Bonavolonta said attackers will likely continue to demand it to maximize their profits. They are mostly honest for the same reason, he added: "You want your access restored."

no promises

     When Cryptolocker first hit the UK in 2013, the National Crime Agency (NCA) told businesses not to pay the ransom.

     "The National Crime Agency will never endorse paying ransoms to criminals, and there is no guarantee that they will honour the payments under any circumstances," the statement read.

     In April, Jornt van der Wiel, a security researcher at Kaspersky Labs, echoed this sentiment, telling CoinDesk: “Since there are ways to get the files without paying the ransom, users often give in. This is the wrong strategy, but it’s often the easiest strategy for the user.”

     A 2014 study by security firm ESNET showed that only 1.4% of victims paid the Cryptolocker ransom to gain access to the decryption software.

Others, including Dutch authorities, believe that paying ransoms actually contributes to the problem because it encourages malware operators to continue and attack new victims.