Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug bounty” and never disclose that they were the victim of a ransomware incident. At least, that’s how it seems, unless, of course, CyberOptics is going to claim that they were never serious in their negotiations with their attackers and were stalling for time.
Read Marco A. De Felice’s post about what happened with CyberOptics when they were successfully attacked by individuals calling themselves the “SchoolBoys Gang.” The firm’s breach disclosure of December 15 gives no hint of the negotiations that had gone on. Would the firm have written a different disclosure if they knew that their negotiations were going to be leaked publicly? If the negotiator had simply been stalling for time, perhaps the disclosure should have said something so as not to leave investors and customers with the worrying thought that CyberOptics might be a firm that would pay a ransom and cover up a breach of personal information and other data.
Victims who enter chat negotiations with their attackers might want to remember that others might be shoulder-surfing the chats. De Felice did not publish any of the negotiations while they were still in progress, but after the attackers started leaking the data and the firm did not respond to his questions, he published redacted parts of the negotiations.
How a company responds to an incident may significantly impact its reputation — or lawsuits in response to a breach. CyberOptics appeared to be offering to pay the attackers a “bug bounty” if they signed an NDA. What will that do their investors and those suing them?
Read De Felice’s detailed reporting on SuspectFile.
In October, Bleeping Computer reported on SchoolBoys Gang, and that they appear to be the same group known as TommyLeaks.