Cloud Security Alliance says infosec wonks would pay $1m ransoms
May 31, 2016
Shah Sheikh (1294 articles)

Cloud Security Alliance says infosec wonks would pay $1m ransoms

Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance.

The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with over 50,000 employees. Half of those responding were from the US, and a quarter from Europe, the Middle East and Africa.

The report (PDF) found a quarter of respondents would pay ransoms to prevent the release of sensitive corporate data.

14 said they’d pay more than $1 million to black hats to prevent sensitive data dumps.

There are many incidents of hackers attempting to publicly ransom organisations, but few of companies paying, outside of ransomware.

However security industry types speak often of companies paying off hackers who have stolen data or are threatening to strike during the busiest sales seasons.

Online wagering concerns are known to regularly pay criminals threatening to launch distributed denial of service attacks during major sporting event.

Ransomware payments are less controversial with even police and law enforcement agencies recommending organisations hit by the most water-tight ransomware encryption attacks to pay up to get their decryption keys.

Some victims however have no option to pay; net scum are distributing a flawed ransomware instance based on the Hidden Tear open source code ostensibly uploaded to GitHub for research purposes.

That code was deliberately sabotaged, the author says, to encrypt both the victim’s data and encryption key leaving attackers without the means to decrypt data after ransom payment.

It is suggested the much-battered Linx.Encoder ransomware failure was initially based on the Hidden Tear code.

This leaves open the possibility that BitDefender’s decryption tool could reverse the flawed encryption.®

Source | TheRegister