Garmin reportedly paid off hackers following a ransomware attack
Tuesday, August 4, 2020
Even putting aside the issue that paying a ransom when attacked by ransomware is morally dubious and could encourage criminal groups to target more companies, this case is more complicated. The U.S. Treasury Department sanctioned Evil Corp in December, decreeing that “U.S. persons are generally prohibited from engaging in transactions” with Evil Corp or any of its individual members. If Evil Corp is behind the attack and payment was made, Garmin could potentially be in serious legal trouble.
Although many security experts argue that paying ransomware attackers is not a good practice, Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE that doing so is not always a bad thing.
“When data recovery costs an eight-digit amount and requires weeks of downtime, paying a seven-digit ransom is an economically sound decision,” Kolochenko said. Even so, he added, “as many recent cases demonstrate, cyber gangs rarely honor their promises to delete stolen data even after receiving the full payment. Similarly, payment of the ransom will not absolve any third parties of their legal duties if they are affected by the data breach, including a duty to report the incident to competent authorities and notify victims whose PII was compromised.”
The bottom line, he said, is that paying a ransom may help mitigate further damage caused by systems downtime and inability to serve customers. “Given that ransomware attacks are becoming incrementally more sophisticated and thus harder to prevent, we should expect a further surge of successful intrusions followed by a payment of ransom being dictated by economic efficiency,” he said.