Tuesday 17 November 2015

Facing Cyber Blackmail? Don't Pay A King's Ransom


When your business is under fire and a ransom is on the table, it's tempting to pay and make the criminals go away. But how do you know they'll fulfill their part of the bargain? Even if they do, you've made yourself complicit in a growing criminal enterprise.
Demands to pay up or endure the consequences come in many varieties. It may be a promise not to out the victim for using a questionable service, or not to dump data files stolen from corporate servers. More often, though, the threat is delivered via ransomware, a type of malware that encrypts user files and makes the encrypted data useless until ransom is paid -- in amounts generally ranging from $200 to $10,000.
Some experts argue that paying ransom makes the situation worse because it rewards criminal behavior. The groups behind ransomware know victims will pay, which has resulted in more ransomware variants and new attack vectors. It's basic game theory: One victim pays the ransom, so the game will be repeated for the next victim, who will look at what the first victim did.
"Paying the ransom simply encourages the attackers to continue following the same playbook," said Andrew Hay, senior research manager at OpenDNS, which was acquired by Cisco earlier this year.

Source: infoworld.com
