https://www.cyberscoop.com/ransomware-pay-hackers-worth-risk-lawyers/
By Jeff Stone
CyberScoop
Jan 31, 2019
Conventional wisdom says ransomware victims shouldn't pay their attackers,
but a panel of legal experts suggested Thursday that standing firm might
not always be the smartest play in the real world.
FBI officials, corporate bigwigs and public sector security bosses in
recent years all have advised their colleagues to keep their wallets
closed when ransomeware hits. There's no honor among thieves, the logic
goes, and even if you pay hackers to buzz off, who's to say they will
follow through on promises to unlock encrypted data? But there are
scenarios in which small and medium-sized businesses should carefully
consider their decision, Mark Knepshield and Matthew Todd said during a
panel discussion at the Legalweek conference in New York.
"I would say, if it's small amount, pay it," said Knepshield, a senior
vice president at insurer McGriff, Seibels and Williams. "It's likely just
be the easiest way out of your situation."
In a poll surveying Legalweek attendees, 86 percent said they would not
pay a ransom if attackers threatened to publish stolen material online
within 24 hours. That follows the traditional legal advice, with the FBI
encouraging hacked businesses not to pay, in part because meeting
extortionists' demands could help thieves expand their operations.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
