Targeted ransomware on the rise
Tuesday, August 4, 2020
In the case of business travel company CWT, reports say that attackers claimed to have scrambled files on 30 000 computers and to have uploaded two terabytes of the company’s data. However, the company coughed up $4.5 million to the bad actors, according to a record of the ransom negotiations seen by Reuters.
Ilia Kolochenko, founder and CEO of Web security company ImmuniWeb, Master of Legal Studies (WASHU) and MS Criminal Justice and Cybercrime Investigation (BU), says: “Paying a ransom is not necessarily a bad tactic. When data recovery costs an eight-digit amount and requires weeks of downtime, paying a seven-digit ransom is an economically sound decision.”
He adds that the data recovery element of the saga needs to be distinguished from the legal implications and data erasure promised by the attackers. “As many recent cases demonstrate, cyber gangs rarely honour their promises to delete stolen data even after receiving the full payment. Similarly, payment of the ransom will not absolve any third-parties of their legal duties if they are affected by the data breach, including a duty to report the incident to competent authorities and notify victims whose PII was compromised.”
However, aside from these interrelated intricacies, the payment of ransom may help mitigate further damage caused by systems downtime and inability to serve customers, says Kolochenko. “Given that ransomware attacks are becoming incrementally more sophisticated and thus harder to prevent, we should expect a further surge of successful intrusions followed by a payment of ransom being dictated by economic efficiency.” Read Full Article
SiliconANGLE: Garmin reportedly paid off hackers following a ransomware attack
CPO Magazine: Hackers Demand Hefty Ransom After Successful Ransomware Attack on Telecom Giant