DataBreaches.Net


Cluley: “Frankly, sometimes paying the ransom is a good idea”

Posted on October 24, 2019 by Dissent

I usually don’t link to podcasts, but this one was especially good, I thought, as an analysis of what happened in Baltimore’s ransomware incident. And I am glad to hear Graham say what I have said a number of times:  “Sometimes paying the ransom is a good idea.”  You can hear the podcast here.

I recently attended a session at the Privacy + Security Forum in Washington, D.C. that dealt with ransomware response. On the panel were some private sector lawyers (of course), and officials with the FBI, Secret Service, and a consulting firm. I’m not naming them because their identities aren’t particularly important to this point. What’s important is that the government really does not want victims paying ransom because it will encourage more ransomware attacks. But they can’t really tell you NOT to pay ransom, so instead, they issue these PSAs that remind you that there is no guarantee that paying ransom will result in getting a decryption key, and maybe your data will be corrupted anyway… and maybe they will hit you again, etc.

That day, I decided to throw some questions at the panel.  The first was “Is it illegal to pay ransom?”

Their answer was that it might be, depending on whom you were making the payment to — could you, for example, be providing material support to terrorists? But the FBI and Secret Service hastened to make clear that the government has never prosecuted any victim for paying ransom, and the FBI’s policy is not to revictimize victims.

My next question was based on something I had been told months ago by an attorney from BakerHostetler and also by someone from a cyberforensics firm with a lot of experience in ransomware cases. I asked the panel, “Isn’t it true that in about 94% of cases where victims pay the ransom, they DO get the decryption key and their data back?”  And every member of the panel wound up acknowledging that was true.

So although the public isn’t told this clearly because the government wants to discourage it, I will repeat what I have been saying for quite a while:  for some entities, paying ransom will just be a business decision based on how much money they will lose if they cannot function due to the ransomware attack. For other entities, paying the ransom may be the difference between being able to care for patients and save lives.

As a healthcare professional, I cannot imagine taking risks with patients’ safety or lives. If you’re in that bind, don’t let anyone or our government dissuade you from what you feel you ethically have to do to take care of patients. If you feel you need to pay the ransom, pay the ransom. We can finger-point later about whether it all could have been avoided, but at that moment, you may need to just suck it up and pay the ransom so you can get back to caring for patients.

BUT: if you do pay ransom, maybe you shouldn’t go around publicly telling everyone that you paid the ransom and how much you paid.  THAT piece might best be kept unpublicized.


Category: Breach Incidents, Commentaries and Analyses, Malware
