Since then, the FBI's official position has been to defer the decision to pay a ransom to the victim, with no formal advice. Instead, the agency has requested only one thing -- that victims report infections, so the agency can get an idea of which ransomware strains and groups are the most active today, and of the overall breadth of the ransomware epidemic.
The controversy that surrounded the FBI's initial advice for dealing with ransomware infections has triggered endless debates online about the merits of paying a ransomware demand, and what stance various companies and agencies have on this topic.
In a blog post today, Microsoft, for the first time, revealed its stance on the matter.
"We never encourage a ransomware victim to pay any form of ransom demand," said Ola Peters, Senior Cybersecurity Consultant for Microsoft Detection and Response Team (DART), the OS maker's official incident response team.
"Paying a ransom is often expensive, dangerous, and only refuels the attackers' capacity to continue their operations," Peters added.
However, Microsoft understands that in many cases organizations are left with only one option on the table -- paying the ransom -- because they don't have access to recent backups, or because the ransomware encrypted the backups as well.
But even if victims choose to pay the ransom, Microsoft warns that "paying cybercriminals to get a ransomware decryption key provides no guarantee that your encrypted data will be restored."
For example, the decryption key might not work, the decryption app may contain bugs and end up destroying data, or the ransomware gang might have lost the original decryption key, and they're just running a scam.
Instead, Microsoft would want companies to take a proactive approach and treat ransomware, or any form of cyber-attack, "as a matter of when" and not "whether."
Companies, Microsoft says, should invest in minimizing the attack surface and in creating a solid backup strategy so they can recover from any attack. More precisely, the OS maker recommends that companies follow six simple steps to prepare to respond to a ransomware attack, whenever that would happen:
1. Use an effective email filtering solution
2. Regular hardware and software systems patching and effective vulnerability management
3. Use up-to-date antivirus and an endpoint detection and response (EDR) solution
4. Separate administrative and privileged credentials from standard credentials
5. Implement an effective application whitelisting program
6. Regularly back up critical systems and files