In the spring of 2014, Mark Schneider’s computer became progressively more sluggish until this message appeared: “Your important files were encrypted on this computer.” Suddenly all his digital assets—the bookings, the down payments, the deposits of the soon-to-arrive summer patrons at his small Ontario fishing resort—were rendered inaccessible. Perhaps more disturbing was what the note went on to say: “To retrieve the private key”—the secret pass code that would unlock his electronic property—“you need to pay.”
Incidents of digital ransom, or ransomware, have soared in recent years. One study determined that a single campaign—a malevolent program called CryptoWall 3.0—may have earned its developers more than $325 million in payments such as the one solicited from individuals and businesses like Schneider’s.
The surge has prompted tough questions for law-enforcement officials, forcing them to rethink the old playbooks on traditional hostage taking and theft. “To be honest,” FBI agent Joseph Bonavolonta reportedly said at a recent conference in Boston, when other options are no longer viable, “we often advise people just to pay the ransom.” (The FBI officially recommends data backups, threat-detection software, and general caution online.) Some security experts argue that forking over cash enables robbers to profit off the racket and bankroll more hacks, but when the choice is to negotiate with cybercriminals or lose your data, untold numbers simply pay up.
The better route? Plan ahead. Shortly before the attack, Schneider signed up for a cloud-based data backup service, which enabled him to regain complete control of his files without paying anything (beyond the service’s subscription fee, of course). He was back to booking walleye and lake trout expeditions in no time. The phishers, however, are still at large.
A version of this article appears in the December 15, 2015 issue of Fortune with the headline “Hostage Negotiation Goes Digital.”