Ransomware Attack: Why Harare Institute Of Technology Should Never Pay Hackers

If you’re not familiar with ransomware yet, expect to hear a lot more about ransomware this year. And some hopeful you will not be a victim.

Ransomware threats have become more common in the last five years when such malware threats would infect your computer and prevent you from utilizing certain functions of your system while the infection demanded payment to unlock your PC. This year ransomware has evolved into a much more intimidating form that encrypts data and files stored on the hard drive of the infected computer and demands payment for a decryption key to ultimately restore your computer.

Today Harare Institute of Technology (HIT) has been the latest local university to be victim.  According to a copy of an email sent to Techunzipped, the hacker are demanding a sum of $999 to a bitcoin address they provided.

“We require that you pay USD$999 for the decryption key and instructions on how to recover all your data…… We will also disclose instructions on how payment should be sent via Bitcoin…. fail to pay the ransom by the 27th of June – all of your files will be lost and we will dump the decrypted 56GB gzipped database online.” the hacker wrote.

Ransomware, is a huge headache. And according our in house security expert, it’s going to become more of a problem this year.

Techunzipped security expert, Pardon K Gatsi said that paying cyber criminals to get your data back is usually not the best course of action.

“It’s like a hostage state of affairs most of the time. Most countries don’t negotiate with terrorists, they do not give into threats. It’s kind of like the same thing with ransomware,” Gatsi said.

“I mean we should not cheer when people pay ransom because it only oils the cybercriminals means to continue developing more advanced and sophisticated ways of delivering that ransomware to your computer,” he said.

Paying the ransom to the cybercriminals is no 100% assurance that you will receive a decryption key to unlock your data. There have been many cases where computer users pay the ransom fee is never receive the decryption key. There’s always the probability of the criminals turning back around to come after your data again asking for more money cause they now know you are a good customer.

Recent research by Trustlook showed that 38 percent of consumer victims end up paying the ransoms when confronted with an infection.

An IBM study in late 2016 showed that in the US 70 percent of businesses paid to get their data back. 50 percent of those paid more than US$ 10,000 (£8000), and a further 20 percent paid more than US$ 40,000 (£32,000).

It includes those who should know better. A recent Bromium study showed that 10 percent of security professionals, when confronted with the mass encryption of their files, paid up.

The bottom line is that you should do everything you can to avoid being victim by practicing basic security of keeping your apps and software up-to-date. The stress-free attack to deal with is certainly the one you have been able to avoid all together, but the second easiest is the one you’ve already prepared for by going through it!