A Ransomware Playbook: From Prevention to Payment
Monday, December 30, 2019
It’s the dirty little secret of too many businesses to count: they got hit by ransomware and quietly paid up (the amoral/pragmatic, depending on your viewpoint) or stripped and rebuilt thousands of desktops and servers (the pugnacious/distrusting).
What About Disclosure?
As Ilia Kolochenko, CEO of web security company ImmuniWeb notes: “Modern ransomware not only encrypts data, but concurrently exfiltrates it for further resale in the Dark Web. As a result, ransomware attacks are targeted data breaches with often severe legal ramifications.
“Being mindful of the mushrooming multitude of data protection laws and regulation (GDPR or California’s CCPA for instance), it would be wise to talk to your corporate counsel about any duties of disclosure or victim notification stemming from the incident. Most important, be accountable and fair about the incident with the concerned stakeholders, don’t try to downplay or conceal the problem.”