How Not to Pay a Ransom (Twice)

I can say it until I’m blue in the face: don’t pay the ransom, ever. Period. Even if you’re the victim of a ransomware attack, don’t pay the hackers.

In fact, I wrote an article explaining why paying the ransom only leads to more problems for your organization in the long term. (TL;DR: paying the ransom is a short-sighted strategy that doesn’t guarantee you’ll get your data back and encourages hackers to attack you again.) Yet, despite my warnings, others (including cyber insurance companies) have encouraged companies to pay the ransom as a quick way to restore operations. So it seems I need to cover the consequences (again), and help victims avoid paying a second time.


If you don’t believe me, maybe you’ll listen to the FBI, which also says that paying the ransom is a bad idea. As they point out, even if the bad guys do give you a key that actually unlocks your systems (which isn’t guaranteed—criminals not being the most trustworthy of folks), you don’t know what copies of the data exist or who might now have access to it. Your systems may still harbour latent malware or other infections that leave you vulnerable to repeated attacks, and since the hackers now know you’ll pay up, you’re going to get hacked again. Like any business, ransomware hackers love repeat customers. Don’t listen to insurance providers who think they can save

And it helps to think of this as a kind of business model that hackers are using. Don’t get me wrong—ransomware attacks are crimes, 100%. And they should be treated as such. Someone who holds your data hostage is committing a crime just as much as if they’d smashed through your front window and started to rob your business.

But think of how hackers make their (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Adam Mansour. Read the original post at: