Why Paying Ransomware May Not Be A Great Idea
You may recall that a hacking group called the Dark Overlord hacked into Larson Studios, a third-party provider to Netflix and other studios. They stole the unreleased copies of the whole season of Orange as well as about 36 other series and movies.
Now we are beginning to hear the back story and it points out that paying ransomers is dicey business.
Larson’s owners tried to protect their customers. They did this by paying the ransomers $50,000 in bitcoin. The theory was that the hackers would not release any of the titles if Larson paid.
Investigators discovered that ground zero for the attack was a Windows 7 PC. Whether it was fully patched or not is unclear, but as we are seeing with the Wikileaks releases of CIA and NSA exploits, being patched does not mean being secure. The CIA and NSA do not have an “exclusive” on exploits.
When Larson’s IT guy looked at the server and found the shows were gone, they called the FBI. They did not tell their clients because the group said not to and at that point they were still hoping to contain the damage.
They paid the ransom. It took a while to work through the system to buy $50,000 in bitcoin. About a week in total.
The Dark Overlord got a bit greedy and contacted Netflix and the other studios, trying to get them to pay a ransom as well. Those studios opted not to pay. So, even though Larson paid the ransom, the Dark Overlord released the titles.
It is a bit of a crap-shoot as to whether hackers will keep their word, even though not keeping their word should, in theory, destroy their business model.
In many cases, having a backup will protect you from having to pay the ransom. That does not help in this case, or in any number of other cases where the hackers can steal intellectual property, such as at law firms or accountants.
Once they have your intellectual property, it is a new game.
They could sell it or publicly release it. Depending on the model, they might want to embarrass the company, destroy it or make money.
Your best bet is to keep the hackers out. That is not always so easy.
After the fact, Larson upgraded security. Files are encrypted. The network is segmented so that if an attacker gets in, they don’t have free rein over the whole company. They no longer keep the audio files and video files together, to make it harder for an attacker to get something useful.
Larson lost some customers over this, but they learned a lesson. An expensive lesson. Lost customers PLUS ransom PLUS reputational damage PLUS the cost of re-engineering the network EQUALS an expensive lesson.
You can spend the money before an attack or spend a lot more money after the attack. It is your choice. But there is no free lunch.
Information for this post came from Data Breach Today.