Podcast: With Ransomware -Never Pay The Ransom!

Two U.S. Senators are requesting information about the government's experience with ransomware - asking whether Uncle Sam has paid ransoms to get data back.
To pay the ransom, or not to pay the ransom, that is the question. Thomas Fischer of Digital Guardian makes the argument for saying “no” to ransomware crews.

In-brief: To pay the ransom, or not to pay the ransom, that is the question. In this Security Ledger podcast, we talk to Thomas Fischer, a Global Privacy Advocate at Digital Guardian about why ransomware is such a big problem for businesses these days, and why he thinks paying to get access to your encrypted data is a terrible idea. 

This blog garnered a lot of attention back in October when we reported the words of Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in Boston, who told an audience at a local event that -in cases of ransomware infections, the Bureau was often in the position of advising firms to pay the ransom to get their data back.

The message wasn’t that the “bad guys are winning” or that paying the ransom was the first step in responding to an infection. Bonavolonta was simply admitting that the encryption used by ransomware was unbreakable, as a practical matter, and that malware authors were wrapping pretty tight code around that encryption. Companies that didn’t have a reliable backup of data to fall back on had (and have) few options.

That story generated a wave of controversy, with many taking the position that individuals and organizations should (almost) never pay the ransom, thereby encouraging the continuation of ransomware schemes.

[Like this article? You might want to read: “It’s time to stop the ransomware shaming!“]

In the months since, we’ve read numerous, public reports about private and public sector organizations that, indeed, have paid off ransomware crews to regain control of encrypted and infected systems. Los Angeles Presbyterian Hospital was reported to have paid a $17,000 ransom in Bitcoin to restore access to its computers. Last week, it was a hospital in Ottawa, Canada that was infected.

A bigger question may be why and how ransomware has become such a pressing issue facing businesses. Just this week, there is news of yet another hospital infected with the malware – this one in Ottawa, Canada. To get answers to those questions, we sat down with Thomas Fischer, a Global Security Advocate at Digital Guardian.*

Fischer is an expert on malware, and one of the hosts of the B-Sides London Conference. He’s also no fan of paying off ransomware crews, as he explains to us in this conversation.

(*) Digital Guardian is a sponsor of The Security Ledger.

 

2 Comments

  1. Pingback: FBI: Beware Of Full Network Ransomware | The Security Ledger

  2. I didn’t listen to the soundpod, but his stance smells of government bureaucracy. “Never pay a terrorist their ransom demands, for they will simply ask for it, again and again”. Blah, blah, blah.

    Until that bureaucrat’s kid is kidnapped and they move heaven and hell to get their daughter back.

    Same for ransomware. Were he to get infected and lose everything, then I’m sure he would be singing a different tune.

    Here’s how I look at it. That ransom is the cheapest security audit payment I have ever had to make. It brought to light something that I may never have discovered until it was too late. Too late, as in wiping out a major client’s data and forcing us to pay a ransom 10 or 100 times as big. Causing us to shut our doors.

    What is the benefit of this ransom ware? It is causing IT service providers like ourselves to insure we are doing everything humanly possible to secure our clients from something DRASTICALLY worse that this. Like a virus that encrypts and then doesn’t give us back the decryption key. It is the cruelest of wakeup calls, that we didn’t ask for, but are sure glad that it happened, as opposed to the alternative – the shutting down of our business.

    The fact is, you have to adapt and move on. The IT service providers (and individuals) that do not adapt, will pay the ransom a dozen times until they finally shut their doors (or in the case of individuals, throw their computers out the window and start fresh), because they failed to learn their lesson after the first infection.

    The strong will survive and get to keep their data.