“The biggest problem they had [was] that they could not pay their people, and it was the same every week or two weeks. And if you don’t pay your drivers and stuff, that business stops, right?” said Haigh. “The person who was most stressed was the CFO. [He] they saw themselves entering a situation of income. … I think they only have a month left to work.”
If an organization is in trouble, most of the C-suite will agree to pay a ransom to stay in business.
“Because now you are talking about the risks that exist in your business. And the CEO, CFO, [and] it is the board’s responsibility not to allow that to happen. So it’s like adding a juxtaposition here. Because to get the best, you don’t have to pay ransomware. But with your little eye on keeping this business alive, you should. That is difficult,” he said.
Time to shop with third-party experts
To make the best decision, businesses should check whether their data can be restored from backups and whether their cyber insurance covers operational costs in the event of a prolonged business interruption. Both will give businesses the ability to avoid paying the ransom.
As ransomware gets “faster, smarter, and worse,” some ransomware operators are increasingly threatening to leak data, which can cause a business to take more action. “He will do it [have to] use a third party that will scan the dark web, find the data, and be able to retrieve it or take it down. And that’s the best you can do if that’s the case,” he said.
Such is the cat and mouse game of modern ransomware. Ransomware operators continue to invent new ways to put more pressure on the C-suite and board to pay up. Kleinman says some ransomware operators are targeting data that could hit close to home.
“[Ransomware operators are] quite the art. They have started firing many officials, senior board members. So that’s releasing sensitive personal data from someone — like the chairman of the board or something like that, or their family — and, to further promote the payment,” he said.
Kleinman says this trend coincides with the rise of non-encryption ransomware, a threat built around data leaks.
If a company decides to yield to the pressure, Gooh says it should consider bringing in a third-party expert to contact the ransomware operator and, most importantly, buy time to look for decryption keys (found in other types of ransomware), contact authorities, and negotiate a lower price.
Gooh says that every business’s incident response plan should provide this type of professional assistance. “Knowing what to do and knowing who to call when this kind of thing happens is certainly one of the things companies must prepare for,” he said.
Newton says he is relieved that the final decision to pay the ransom does not rest on his shoulders as CISO, but he will still make a strong case for non-payment.
He says: “When I was asked if I would pay the ransom, I was talking about his behavior. And sometimes behavior hurts. Morality hurts.”