Hit by Ransomware? Your Options Aren’t Great

When it comes to fixing a “WannaCry” hack, cybersecurity expert tells TheWrap “intricate process is nearly impossible”

The massive global cyberattack that’s hit 300,000 computers in more than 150 countries has left companies, government agencies, and individual users with few options to remedy the situation.

Developed using stolen National Security Agency tools, the “ransomware” virus locks infected computers, encrypts their data, and demands a $300 payment in Bitcoin to release their devices. It’s the largest ransomware attack on record, according to European officials. While $70,000 has already been paid according to U.S. Homeland Security Advisor Tom Bossert in a briefing on Monday, the figure only appears to be headed higher, as the ransom doubles after three days of infection.

So what can you do if your computer is struck by the hack? Well, you’re more or less screwed, according to Robert Lee, CEO and founder of the industrial cybersecurity firm Dragos, Inc.

In a phone conversation with TheWrap, Lee outlined the options to fix your system if it’s under the stranglehold of “WannaCry,” as the virus has been named.

“With ransomware, once you’re infected, there’s really only three possible scenarios, and only two of them are reasonable,” said Lee. Your first choice is to “reverse engineer” the malware, he said, find the decryption key, and unlock your computer. But for normal IT staffs and the non-Zuckerbergs of the world, this intricate process is nearly impossible, Lee argued, saying it’s compounded by the fact hackers are getting better at hiding their digital keys.

“The two realistic [options] are you pay the ransomware author and it releases your system, or you can maintain good backups and you’re able to actually backup your system to a point before the ransomware impacted it,” explained Lee.

Neither is optimal, though: You’re either paying the pirates that’ve already violated your privacy, or you have to consistently backup your system — which is both time consuming and costly.

“It does, once again, stress the importance of backups, and of implementing controls like cyber deception to stop lateral movement inside your network,” said Gadi Evron, founder and CEO of “cyber deception” startup Cymmetria, in an email to TheWrap.

For his part, Dragos’ Lee said he’s “not a fan” of paying off ransomware hackers because it “incentivizes the market.” But if you’re in the position of the National Health Service — England’s national healthcare system — with nearly 50 hospitals paralyzed and appointments being cancelled or delayed, paying the ransom “might actually be the right business move.” Lee doubted a large organization like the NHS would have sufficient, timely backups for all of its patient data; without paying, it’d have to wipe the computer systems and reload hospital notes.

But it begs the question, what would stop the hackers from targeting your computer again, or from failing to release your information?

“Absolutely nothing,” said Lee. But “they have an incentive to make sure that you feel that you can pay them and that it’ll be OK… if you pay [the hackers], and [the hackers] don’t unlock their system, or they just re-infect you, then obviously other people are going to find out about that and not pay [the hackers] in the future.”

The virus targeted outdated Microsoft software. The tech giant issued a patch for the vulnerability earlier this year and shared it again on Friday. You can find it here. Unfortunately, once the ransomware hits a device, using the patch isn’t an option.

To recap your choices: Unless you’re an expert coder, you’ll likely need to pay the ransom, or wipe your hardware — and lose all of your files in the process. Pick your poison.