rslade
Influencer II

Paying ransomware ransom?

I am firmly of the opinion that paying ransom, for ransomware, is a bad idea.  It funds crime (and likely terrorism), increases the danger for you and everyone else (by increasing the incentive for blackhats to develop and release ransomware), sometimes you can get your data back anyway, and many times you pay the ransom and don't get your data back.

 

(What do I recommend for dealing with ransomware?  Make a backup.)

 

But at a recent conference, some lawyers were advising people to consider paying.

 

(Well, yeah, I mean, lawyers ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Shannon
Community Champion

 


@rslade wrote:

I am firmly of the opinion that paying ransom, for ransomware, is a bad idea.  It funds crime (and likely terrorism), increases the danger for you and everyone else (by increasing the incentive for blackhats to develop and release ransomware), sometimes you can get your data back anyway, and many times you pay the ransom and don't get your data back.


Alas, probably the only people who really appreciate these words are those who take the risks seriously --- including those of us in IT Security.

 

Entities that haven't taken measures to ensure that their data is secured / backed up are likely to just pay the ransom and 'Hope for the best', since they never prepared for the worst.

 

We can see this at both corporate and personal levels...

 

Organizations might opt to risk paying a ransom rather than face the business impact or legal consequences of a data loss. (All hail the lawyers!)

 

Individuals who are heavily dependent on their data & unwilling to be slandered for negligence may prefer to pay a ransom & hang on to their pride. (No lawyers needed here.)

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz