Insert Catchy Ransomware Headline Here

Why is the internet so fascinated by ransomware? Is it because ransomware is attacking our precious data? Is it simply a threat that the average person can understand, which makes it newsworthy and headline-rich? Is it because ransomware is so profitable and morphing into a mature business model? Or is it just a fascination with so-called evil genius? After all, everybody loves to hate a good super villain…until they come to visit YOU.


The Ransomizer at www.ransomizer.com

Here is the shortlist of things you should know about this topic if you’d like to get up to speed quickly:


Dilbert Comic for 1996-02-06 by Scott Adams http://dilbert.com/strip/1996-02-06 via @Dilbert_Daily

  • Once you pay the ransom and get your data back, you still have a mess to clean up. The attackers are still in your system, and you must fully eradicate them from your environment. Easier said than done.
  • Some mature ransomware operations have technical support available, so if you are having trouble paying the ransom you can call for assistance and the call center will walk you through it. Yes, it’s true.
  • There are cloud ransomware solutions out there, so if an attacker doesn’t want to go through the trouble of building their own solution, they can buy ransomware as a service. Krebs blogged about it recently and the commercial they posted on YouTube is quite persuasive! (Yes, I just blogged about a blog.)

  • If you work for an organization that deals with protected health information (PHI) and HIPAA, the U.S. Department of Health and Human Services (HHS) removed some ambiguity regarding whether or not ransomware is considered to be a breach: “When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.” Read all about it.

Some cyber security practitioners and thought leaders got together recently to talk about the 7 most dangerous new attack techniques, and of course ransomware was on the list. Ed Skoudis asked, “How much would you pay to turn on your heat?” Many of us, other than me of course, have internet-connected thermostats that could potentially be held hostage in this way. This is a theoretical scenario today, but the thought of this one gives me the chills (pun intended).

Another noteworthy gem from Ed concerns what to do if you find yourself held hostage by a digital ransom that, for one reason or another, you have no choice but to pay. He made a point of reminding us that it is a negotiation. So, don’t assume they know who you are or who you work for in the event that they encrypted your data. Assume they don’t know anything about you or the data, and try to convince them you are simply an individual who wants to restore those precious shopping lists and pictures of your grandchildren, even if you did just lose access to your entire customer database <ouch>. If they don’t know you work for a Fortune 100 company, don’t volunteer that information. You may be able to convince them you are a grandparent with a fixed income and they *might* even accept a lower ransom. In New York we haggle for a better price on just about everything. Why shouldn’t we do the same for our stolen data?

In conclusion…don’t get ransomware in the first place if you can avoid it. It might be intriguing, but some things are better off observed from afar.

Thanks for reading and don’t forget to subscribe.
