Tag Archive for: paying

Why Paying to Delete Stolen Data is Bonkers — Krebs on Security

/in


Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.

The findings come in a report today from Coveware, a company that specializes in helping firms recover from ransomware attacks. Coveware says nearly half of all ransomware cases now include the threat to release exfiltrated data.

“Previously, when a victim of ransomware had adequate backups, they would just restore and go on with life; there was zero reason to even engage with the threat actor,” the report observes. “Now, when a threat actor steals data, a company with perfectly restorable backups is often compelled to at least engage with the threat actor to determine what data was taken.”

Coveware said it has seen ample evidence of victims seeing some or all of their stolen data published after paying to have it deleted; in other cases, the data gets published online before the victim is even given a chance to negotiate a data deletion agreement.

“Unlike negotiating for a decryption key, negotiating for the suppression of stolen data has no finite end,” the report continues. “Once a victim receives a decryption key, it can’t be taken away and does not degrade with time. With stolen data, a threat actor can return for a second payment at any point in the future. The track records are too short and evidence that defaults are selectively occurring is already collecting.”

Image: Coveware Q3 2020 report.

The company said it advises clients never to pay a data deletion ransom, but rather to engage competent privacy attorneys, perform an investigation into what data was stolen, and notify any affected customers according to the advice of counsel and application data breach notification laws.

Fabian Wosar, chief technology officer at computer security firm…

Source…

Paying ransomware demands could land you in hot water with the feds

/in
A stylized ransom note asks for bitcoin in exchange for stolen data.

(credit: Aurich Lawson)

Businesses, governments, and organizations that are hit by crippling ransomware attacks now have a new worry to contend with—big fines from the US Department of Treasury in the event that they pay to recover their data.

Treasury Department officials made that guidance official in an advisory published on Thursday. It warns that payments made to specific entities or to any entity in certain countries—specifically, those with a designated “sanctions nexus”—could subject the payer to financial penalties levied by the Office of Foreign Assets Control, or OFAC.

The prohibition applies not only to the group that is infected but also to any companies or contractors the hacked group’s security or insurance engages with, including those who provide insurance, digital forensics, and incident response, as well as all financial services that help facilitate or process ransom payments.

Read 10 remaining paragraphs | Comments

Biz & IT – Ars Technica

Stop Paying the Apple Tax

/in

The Apple tax is no joke, but neither is a typical Apple owner’s fear of popping open their systems and feeding their Mac some extra-delicious low-cost memory. But here’s the thing: If you pay Apple …
mac hacker – read more