A few weeks ago I talked about why pay­ing ran­som to get your data or com­put­ers back online was a bad idea: Like any bul­ly, once they suc­ceed in get­ting your mon­ey it will embold­en them to demand more and from more peo­ple.

But it turns out that at least one ven­er­a­ble Amer­i­can insti­tu­tion thinks you should pay: The Fed­er­al Bureau of Inves­ti­ga­tion.

Yep, the FBI says you should pay up. They are, in fact, on record (Octo­ber 22, 2015) telling peo­ple to pay the ran­som:

Joseph Bonavolon­ta, the Assis­tant Spe­cial Agent who over­sees the FBI’s CYBER and Coun­ter­in­tel­li­gence Pro­gram in Boston, spoke at the 2015 Cyber Secu­ri­ty Sum­mit and advised that com­pa­nies infect­ed with ran­somware may want to give in to the criminal’s demands.

After my post went online, I heard from a col­league who told me:

I was pre­sent­ing in an Infra­gard brief­ing at the FBI office, and they basi­cal­ly told every­one there was noth­ing they could do if it hap­pened, that they were pret­ty much on their own. There is also no telling what the ran­somware left behind for anoth­er go-round, or con­tin­ued sur­veil­lance while it held the sys­tem cap­tive. Mere­ly breath­ing a sigh of relief and think­ing you are in the clear a real­ly bad idea.

Although it’s still the right thing to do, I know that not pay­ing the ran­som is dif­fi­cult, even if you have good back­ups. It’s not as fast as just pay­ing because it takes a lot of time to restore and you’ll still lose some data. And, whether you pay or not, there’s a good chance you will get hit again with a new strain of ran­somware, so why fight it?

I won­der what the dom­i­nant type of back­lash will be as more US cit­i­zens wake up to the fact that law enforce­ment can’t help them pre­vent or recov­er from these new cyber crimes? Anger? Fear? Vig­i­lan­tism?

What do you think is most like­ly?