RSAC speaker offers ransomware victims unconventional advice


An RSA Conference speaker argued that despite the stigma associated with paying ransomware gangs, it’s sometimes better to negotiate with terrorists.

In his session at the 2023 RSA Conference on Monday, Brandon Clark, CEO of Triton Tech Consulting in Denver, proposed a ransomware response process designed to squeeze out the emotional instincts that often get tangled up in decision-making.

“It is absolutely critical that you do take as much of the emotion out of this as possible by looking at some of this ahead of time,” said Clark during the session, titled “Negotiating with Terrorists: The High Stakes Game of Ransomware Response.”

Clark suggested that ransomware victims often make detrimental decisions based upon emotional and moral instincts. He prefaced his response plan with a reference to the 1973 hostage crisis at the Saudi Arabian Embassy.

In that incident, three Western diplomats among 10 others were taken hostage at the embassy by the Black September group. Former President Richard Nixon refused to negotiate with the terrorists and publicly announced the U.S. would not pay the demanded ransom. The terrorists later killed the Western hostages while the remaining hostages were released and returned to their home in Sudan, which had negotiated with the group.

Clark related this piece of history to the life-threatening events that follow a ransomware attack on a hospital, an air traffic controller or other critical infrastructure targets. He stated that the aversion to negotiating with terrorists was a polarizing mindset, “entrenched in our mental framework,” that has induced poor decision-making.

“If I’m not able to understand a patient’s history, if I can’t see what they’re allergic to and they’re given medication that sends them into anaphylactic shock, I would argue that’s probably worse and more evil than me paying $50,000 to get our systems back and running,” said Clark.

There’s also a financial component to the equation. Clark used the 2018 ransomware attack on the city of Atlanta as “a great example of what not to do,” because the city government refused to pay a $50,000 ransom and ended up paying more than $3 million in remediation and recovery costs.

“It doesn’t…
