Hackers have reportedly stolen an upcoming Disney movie and are holding it for ransom. Deadline reported it’s the new “Pirates of the Caribbean” film. Combine that with the broader ransomware attack WannaCry, which disrupted businesses around the world, and it got us wondering: When does it make sense to pay out?
“Never, ever, ever give in to ransomware,” said Liviu Arsene, a threat analyst at BitDefender. “If you give in once, probably hackers will come in again and again, and try to extort money from you. Once there’s blood in the water, definitely sharks will come.”
And no one wants sharks. That “don’t pay up” advice is what you’re going to hear from law enforcement. And it’s advice that a lot of experts are going to give in a situation like Disney’s: Don’t negotiate with terrorists. But Stu Sjouwerman, from the cybersecurity training firm KnowBe4, said when hackers have locked up your data, it’s not always cut and dry.
“It’s a business decision,” Sjouwerman said. There’s a fate — potentially worse — than those circling sharks.
“If you find that your backups failed, and you find that you’ve lost months of work, which would potentially even shut you down as an organization, it’s a no-brainer to pay the ransom,” Sjouwerman said. “And many people do.”
The government says ransomware costs businesses millions of dollars each year. Simon Crosby, from the security firm Bromium, agreed that there’s a time and place an organization might have to considering paying, but it shouldn’t come to that. A company should have everything properly backed up.
“If they don’t have backups, then I’d slap them around a few times and say, ‘Why not?’” Crosby said.
There may be lot of businesses out there in need of that sharp reminder.
|Your computer’s security updates may be annoying, but they’re crucial|
|Pay a ransom, get your data back|
|Do musicians and content makers benefit from piracy?|