Last Friday\u2019s massive WannaCry ransomware attack means victims around the world are facing a tough question: Should they pay the ransom?Those who do shouldn't expect a quick response -- or any response at all. Even after payment, the ransomware doesn\u2019t automatically release your computer and decrypt your files, according to security researchers. \u00a0Instead, victims have to wait and hope WannaCry\u2019s developers will remotely free the hostage computer over the internet. It's a process that\u2019s entirely manual and contains a serious flaw: The hackers have no way to prove who paid off the ransom."The odds of getting back their files decrypted is very small," said Vikram Thakur, technical director at security firm Symantec. "It's better for [the victims] to save their money and rebuild the affected computers."The WannaCry ransomware, also known as WanaDecryptor, broke out last Friday, infecting vulnerable Windows systems like a computer worm. More than 300,000 machines in 150 countries have been hit so far, U.S. homeland security advisor Tom Bossert said in a press briefing on Monday.The infection strikes by encrypting all the files on the PC and then displaying a ransom note demanding US$300 or $600 in bitcoin. Victims who don\u2019t pay will have their files erased after seven days.Owners of these machines may be tempted to pay the ransom, but don\u2019t count on getting your files back, said Matthew Hickey, director of security provider Hacker House.The culprits can only restore users' systems by manually sending the decryption key to each affected computer, which will amount to a time-consuming process, he said.\u201cYou\u2019re really at the mercy of the human operator. Someone at the other end of the connection," Hickey said.\u00a0The other problem is that WannaCry has no mechanism to determine who paid what and which computer should be released. \u00a0\u00a0Victims are merely told to send payment to one of three bitcoin wallets and then wait for a decryption key, said Maya Horowitz, threat intelligence group manager at security firm Check Point.But unlike most ransomware, WannaCry has no process to uniquely identify which ransom payment is tied to which computer, Horowitz said. Instead, users are left with a button on the displayed ransom note that says \u201ccheck payment.\u201d\u201cIt\u2019ll pop up an error message that says, 'We didn\u2019t get your payment. The best time to try again is Monday to Friday 9 am to 11 am,'\u201d Horowitz said. \u00a0Both Hickey and Horowitz said they haven\u2019t heard of any cases where victims successfully freed their computers by paying the ransom.However, Mikko Hypponen, chief research officer at security vendor F-Secure, tweeted on Monday that some victims who paid did get their files back. So far, F-Secure hasn\u2019t provided more details.The hackers behind WannaCry have already managed to rake in more than $56,000, according to records of the three bitcoin wallets provided for payment. But the inefficiency of the payment model makes Hickey wonder whether the hackers were really after money. \u00a0\u00a0\u201cIf it was done for money, it wasn\u2019t the smartest way to get it,\u201d he said.\u00a0For example, the hackers could have lowered the ransom price to $10, making it cheap for anyone to pay. For a malicious program that's infected more than 300,000 machines, even a low ransom could have resulted a huge payoff.\u00a0Instead, the hackers asked for large sum, then used a shoddy payment process that made victims wonder whether they would get what they paid for.\u201cIt removes the incentive to send any money to the attacker,\u201d Hickey said.It's still unclear who created WannaCry, whether amateurs or skilled hackers. The fact that there was a "kill switch" in the ransomware, which a researcher was able to activate on Friday, stopping the attack at least temporarily, suggests the coders were sloppy.But WannaCry does at least one thing well: Flawlessly encrypts all the files on an affected machine. Security sleuths are still studying the ransomware for ways to salvage already infected computers.\u00a0"The implementation of the encryption was pretty rock solid," said Symantec's Thakur. "There wasn't any gap to jump in and get the files decrypted."Security experts also warn WannaCry might strike again through new, updated variants.\u00a0To prevent infection, users should\u00a0install the latest patches to vulnerable Windows systems, such as Windows 8, and run antivirus products, like Windows Defender, which can detect and stop the ransomware. \u00a0Why do you think? Send your comments to Facebook.