As documented in numerous Nicolas Cage movies, the FBI has a fairly strict ‘don’t negotiate with the terrorists’ policy. Unless you’re a company that’s had your files encrypted, in which case you should probably just pay the ransom. Welp.


According to Security Ledger, the advice comes from Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in the Boston office. He said that “the ransomware is that good,” and that “to be honest, we often advise people just to pay the ransom.”

Ransomware is malware that infects a user’s computer, encrypts all of its files (often including networked backups), and then demands a payment in Bitcoin. The payment, often around $500, is small enough to be cheaper than trying to fight the encryption.


The most infamous example is Cryptolocker, which some estimates had bringing in $30 million in 100 days. There’s not much that can be done to recover a Cryptolocked file without the encryption key, so unless you have a recent, offline backup (hi tape decks!), paying a couple hundred dollars is probably worth it.

That said, the FBI still wants to hear your ransomware tales of woe—the agency urges any corporation affected to contact the local field office. Just don’t expect swarms of agents helicoptering through the windows for emergency IT repair.

[Security Ledger]