Here’s a cybercrime extortion story that makes a change.
Whenever we write about network-wide ransomware attacks that blackmail an entire company at once, two burning questions immediately arise:
- How much money do the villains demand?
- Did the victim pay?
The answers vary, but as you’ve probably read here on Naked Security, modern ransomware criminals often use a two-pronged squeeze when trying to maximize their asking price.
First, the crooks steal a large number of corporate files and threaten to disclose them or sell them on to other crooks; then they scramble the data files on every computer in the company to bring the business to a halt.
Pay the blackmail, say the crooks, and they will not only “guarantee” that the stolen data will never be passed on to anyone else, but will also hand over a decryption program to recover all the encrypted files so the business can carry on.
Recent reports include an attack on fitness-tracking company Garmin, which was allegedly hit with a $10 million demand and paid up, albeit apparently only after the amount had been negotiated down into the “multi-million” range; and business travel company CWT, which faced a similar seven-figure demand and ended up handing $4.5 million to the criminals to get its business back on track.
In contrast, law firm Grubman Shire Meiselas & Sacks faced a staggering $42 million ransomware blackmail demand but faced it down, comparing the crooks to terrorists and refusing to pay a dime.
More recently, U.S. wine giant Brown-Forman took a similar stance, refusing to deal with the criminals after its network was invaded.