FBI Recommends Paying Ransoms
Posted by: Timothy Weaver on 10/28/2015 10:04 AM
[
Comments
]
Joseph Bonavolonta, an assistant special agent with the FBI, has advised companies that fall victim to Cryptolocker, Cryptowall or other forms of ransomware to pay the ransom.
Bonavolonta was quoted as saying that, although the FBI has their back, the malware is just that good. “To be honest, we often advise people just to pay the ransom" because efforts by the Bureau to defeat the encryption used have proved futile.
One offshoot of the ransomware being paid is that it has driven down the cost of having the files unlocked.
Stu Sjouwerman, CEO at KnowBe4, partially agrees with the FBI. If paying the ransom may keep the company from losing weeks if not months worth of work, then the company may as well view it as a security audit.
However, Sjouwerman also makes the point that many agree with in that payment only rewards the bad guys for bad behavior which will only reinforce the bad behavior.
He recommended that companies have backup files that are regularly tested, be religious about application and operating system updates, and ensure employees are trained in cybersecurity best practices.
Source: SCMagazine
Bonavolonta was quoted as saying that, although the FBI has their back, the malware is just that good. “To be honest, we often advise people just to pay the ransom" because efforts by the Bureau to defeat the encryption used have proved futile. One offshoot of the ransomware being paid is that it has driven down the cost of having the files unlocked.
Stu Sjouwerman, CEO at KnowBe4, partially agrees with the FBI. If paying the ransom may keep the company from losing weeks if not months worth of work, then the company may as well view it as a security audit.
However, Sjouwerman also makes the point that many agree with in that payment only rewards the bad guys for bad behavior which will only reinforce the bad behavior.
He recommended that companies have backup files that are regularly tested, be religious about application and operating system updates, and ensure employees are trained in cybersecurity best practices.
Source: SCMagazine
Comments
