In his article, Tony Anscombe from ESET talks about who pays τελικά τα λύτρα όταν κυβερνοεγκληματίες που έκλεψαν ή μπλόκαραν πολύτιμα στοιχεία και data from the companies' systems, blackmail them and finally the companies give in and pay the amount.
These attacks are called press attacks ransomware where "ransom" means "ransom".
Just imagine for a moment, says Anscombe, that you go to the store to buy something for 100 euros. Depending on where you are in the world, sales tax may need to be added to the checkout and your purchase receipt will show 100 euros for the goods and maybe plus 10 euros for the tax, a total of 110 euros.
But when a company has fallen victim attackς ransomware and has decided to pay ransom to cybercriminals to regain access to its systems or to keep data from being leaked publicly or sold on the dark web, this is considered a cost of doing business and is a cost that should be incorporated at its final price product or of its services paid for by customers.
So what would you think if in the receipt for the purchase you made you saw that the company somehow finances cybercrime in the following way: product 100 euros, tax 10 euros, donation to cybercriminals 2,50 euros? "I suspect, and I hope, that you would challenge the charge and react. I would, however, do it. " says Tony Anscombe of the cybersecurity company.
Of course, the companies would probably have replied: "It does not matter, we are insured for cybersecurity risks and our insurance company will pay most of the ransom". This may well be the case, but the company must pay the insurance company that works based on the likelihood of risk when charging a premium.
Εάν, δηλαδή, οι ασφαλιστικές εταιρείες ασφαλίζουν 10 εταιρείες και από αυτές η μία στις 10 πέφτει θύμα επίθεσης ransomware, τότε η απόδειξη από μία από αυτές τις 10 εταιρείες θα δείχνει τη συναλλαγή των 100 ευρώ, 10 ευρώ φόρο, συν μια δωρεά 2,5 ευρώ στους κυβερνοεγκληματίες, που καταβλήθηκε μέσω της ασφαλιστικής εταιρείας. Τα money to pay the ransoms ultimately come from you, the consumer.
According to an article by The Hill, in response to a question from Senator Mazie Hirono of USA, the assistant director in the FBI's cybercrime division, Bryan Vorndran, said that "our view is that the solution is not to prohibit businesses that fall victim to ransomware from paying the ransom." Because probably, they will eventually pay the ransom secretly without reporting the fact of the cyber attack to the authorities.
Apparently this is why the Senate Justice Committee seems to be proposing as a solution to encourage companies to report such attacks to the Authorities and not to impose a ban on ransom payments.
There are many questions around this issue, and one thing is for sure: the controversy over whether or not to pay ransomware ransomware attacks is by no means over. This is of course a good thing - because with the discussion and the different opinions a safer conclusion will emerge.
Until then, however, it is likely that we consumers will see prices for goods and services rise so that companies can continue to pay ransom to blackmailers, either directly or through their insurance companies.
"I leave you with the words of Margaret Thatcher on October 14, 1988," concludes the ESET expert.