Some sage security advice after Radiohead’s unreleased music hack

Bad news: Radiohead was hacked.

Last week, a hacker stole the band’s lead singer Thom Yorke’s private minidisk archive from the band’s third album and subsequent major worldwide hit, “OK Computer.” The hacker demanded $150,000 or they’d release it to the public.

Stuck between a ransom and a hard place, Radiohead released the tapes themselves.

The recordings were “never intended for public consumption” and “only tangentially interesting,” the band said in a post on Facebook. But “instead of complaining – much – or ignoring it, we’re releasing all 18 hours on Bandcamp” in aid of Extinction Rebellion, a climate change group.

Until the end of the month, the stolen recordings will be available for £18 ($23).

There is, though, a lesson to be learned. Holding files for ransom is more common today than ever thanks to ransomware. The event isn’t too dissimilar from a ransomware event. Pay the ransom or lose your files — or worse, have them spread all over the internet. That’s a business’ worst nightmare. We’ve seen ransomware destroy the computer networks of some of the largest companies around the world, like Arizona Beverages, Norsk Hydro and shipping giant Maersk. Ransomware is now a multibillion-dollar business, and it’s growing.

But in any ransom-type situation, the FBI has long told victims of ransomware to never pay. Security experts agree. Simply put, you run the risk of losing your files even if they pay the demand.

ProPublica recently found that even some of the largest ransomware recovery companies are quietly paying the ransom — and passing on the costs to the victim — with mixed results. In many cases, paying the demand failed to recover the files.

If there’s one takeaway from the Radiohead hack, it’s never pay the ransom. Better yet, plan for the worst and have a backup just in case.

Two years after WannaCry, a million computers remain at risk