WannaCry's ransom deadline is here. Should you pay?

With ransomware comes a hefty price and conflict over whether you should cough up the cash. Here's what the US government and cybersecurity experts say.

Alfred Ng Senior Reporter / CNET News

The people behind the WannaCry ransomware want you to pay up.


If you're one of the 4,000 victims a day who get hit with ransomware, you're now stuck with a dilemma.

While the key advice for dealing with ransomware is prevention -- update your patches, back up your files, don't open any suspicious emails -- it really doesn't mean much after you've already been locked out of your computer while hackers hold your own encrypted files for ransom.

So now the question is: Do you pay up?

The short answer is no, but if you want the long answer, keep reading.

The WannaCry virus has struck in more than 200 countries, seized more than 300,000 devices and set a deadline for this Friday -- one week after it infected hospitals, universities and businesses. Payments for the ransom spiked on Monday, one day before the ransom doubled from $300 to $600.

There were more payments on that Monday than on Tuesday, Wednesday and Thursday combined, according to a tracker following bitcoins heading into the hackers' wallets. As the deadline looms, more victims are refusing to pay the ransom.

The majority of government agencies and cybersecurity researchers agree that victims should not pay the ransom, but leave it up to people to evaluate their own situations: Would losing the files leave them in financial ruin? If WannaCry infected computers in a hospital, is it a life-or-death situation?

Here's what each organization had to say about paying the ransom:

Federal Bureau of Investigation

"Please let us direct you to the FBI's Internet Crime Complaint Center (IC3) at www.IC3.gov and the most recent PSA on ransomware."

That's the agency's most recent policy, released on September 15, 2016. The FBI recommends that victims should not pay the ransom, because payment does not guarantee the victim will regain access to the locked-down data. Paying the ransom also encourages future attacks from hackers.

"While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees and customers," the agency said.

The FBI encourages victims to report the attacks as it tries to understand more about how ransomware attacks work and who's behind them.

Department of Justice

The Department of Justice also does not encourage paying ransomware. It pointed out cases in which victims were targeted again by hackers because of their willingness to pay.

In other situations, victims were asked to pay even more money for a promised decryption key after they had already sent the bitcoins.

"After systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees and customers," the department wrote in its guidelines on ransomware.

Central Intelligence Agency

The CIA follows the Department of Justice's and the FBI's guidelines on paying ransomware, a spokesman said.

Department of Homeland Security

Homeland Security follows the guidelines set up by the US Computer Emergency Readiness Team, a spokesman said. On paying ransomware, the guidelines recommend against it and encourage victims to report incidents to the Internet Crime Complaint Center.

Kaspersky Lab

Kaspersky Lab is a cybersecurity company that offers protection to more than 400 million users. It looked deep into WannaCry as the threat broke out.

"We advocate that people avoid paying a ransom because there is no guarantee the files will be returned. People should remember that it is possible to avoid being infected by having a multilayered approach to proactively protecting themselves," said Ryan Naraine, head of the global research and analysis team. "For those infected, the situation is not entirely hopeless as criminals often make mistakes in their cryptographic implementations that make the data retrievable. Decryption tools are available for some families of ransomware, and can be found from programs like NoMoreRansom Project."

IBM Security

The security firm did a survey and found that more than half of victims affected by ransomware would not pay to get their personal data back. That statistic changes when you're a business -- 70 percent of victims paid to get their financial files returned. With WannaCry, the company has already heard of cases in which victims did not get their data back, even after paying.

Like the others above, IBM Security recommends that victims do not pay the ransom.

"Firstly, nothing succeeds like success -- paying will further propagate the spread of ransomware as a way for attackers to make money; criminals will go where the money is," said Diana Kelley, a security adviser at IBM Security. "We've seen many cases in which the criminals don't end up releasing the data even after the ransom is paid. Keep in mind these are criminals. Why should you trust them?"


Malwarebytes

The cybersecurity group makes the rare recommendation of paying the ransom but also suggests you try negotiating with the hackers.

"In some cases, paying the ransom is inevitable; customer, patient and financial data can't be easily replaced and has more than just personal or sentimental value associated with it," a Malwarebytes spokeswoman said. "In some attacks, there's also a very high probability you will get all of your files back when you pay. In situations like that, we recommend attempting to negotiate with the attacker for a decreased ransom payment or the decryption of key files rather than paying the entire ransom."

First published May 19, 7:01 a.m. PT.
Update, 7:43 a.m. PT: Adds comment from Malwarebytes.