A recent Ride the Lightning (RTL) blog post by Sensei’s Sharon Nelson, entitled “If You Are Hit by Ransomware, Do You Negotiate? If So, How?”, was featured in an ALPS blog post. ALPS is the nation’s largest direct writer of lawyers’ malpractice insurance.
The following post was originally published on October 1 on ridethelightening.senseient.com:
If You Are Hit by Ransomware, Do You Negotiate? If So, How?
Man, that’s a good question. Why would you ever pay? Especially if you have good backups?
As cybersecurity expert Bruce Schneier notes in a blog post, there are solid arguments for and against paying a ransom.
Arguments cited by Schneier for making a ransomware payment include:
- Payment is the least costly option;
- Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
- Payment can avoid being fined for losing important data;
- Payment means not losing highly confidential information; and
- Payment may mean not going public with the data breach.
The arguments against making a ransomware payment include:
- Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
- Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
- Payment can do damage to a corporate brand;
- Payment may not stop the ransomware attacker from returning;
- If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
- Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.