Written Answer

Response to Ransom Threats on Internet

7 November 2016 · Ministry of Home Affairs

Speakers

K Shanmugam (Minister for Home Affairs and Minister for Law) Foo Mee Har

Summary

This question concerns Ms Foo Mee Har's inquiry into the legality of paying ransoms and the recommended response for corporations and consumers facing internet ransom threats. Minister K Shanmugam clarified that while paying ransomware demands is generally not an offence, victims are strongly advised against payment and should instead lodge a Police report immediately. He emphasized that prevention is critical, urging the use of firewalls, spam filters, up-to-date anti-virus software, and regular data backups to protect computer systems and devices. The Minister further advised the public to exercise caution when dealing with strangers or unfamiliar email sources to avoid downloading suspicious files or attachments. Finally, he warned that payment offers no guarantee of data recovery, as some victims remain unable to access their files even after complying with ransom demands.

Transcript

13 Ms Foo Mee Har asked the Minister for Home Affairs whether payment of ransom is legal and how corporations and consumers should respond to ransom threats on the Internet.

Mr K Shanmugam: In some situations, payment of ransom, for kidnapping, could be an offence under the Kidnapping Act. Beyond that, payment of ransom, for example, to be free from some other threat, is generally not an offence.

There is a trend on the Internet, termed as "ransomware", where a cybercriminal locks the victim’s files, computer system or mobile device and restricts its access, until a ransom is paid.

While it is generally not an offence to pay ransom to a cybercriminal who deploys ransomware on the victim’s computer or device, victims are, nevertheless, advised not to pay the perpetrator. There is no guarantee that their files can be recovered even if they have paid a ransom. There have been instances where users were unable to access their files again. Instead, victims of ransomware should lodge a Police report as soon as possible.

Prevention is key to avoid falling prey to ransomware and other cybercrime. Individuals should be careful when dealing with emails from unfamiliar sources or when interacting with strangers on the Internet, and not to download suspicious files or open attachments in emails from these unfamiliar senders. The public and corporations should also protect their computers or devices with firewalls, spam filters and up-to-date anti-virus software. They should also back up their data regularly.