Ransomware after all who pays the ransom?

According to Tony Anscombe, the head of public safety information at the company ESET cybersecurity, the answer to the question is: "probably yes".

In his article, Tony Anscombe from ESET talks about who ultimately pays the ransom when cybercriminals who have stolen or blocked valuable and data from business systems, blackmail them and finally the businesses give in and pay the amount.ransomware

These attacks are called press attacks ransomware where "ransom" means "ransom".

Just imagine for a moment, says Anscombe, that you go to to buy something for 100 euros. Depending on where you are in the world, sales tax may need to be added to the checkout and your receipt will show €100 for the goods and maybe plus €10 for tax, totaling €110.

The company selling the product must make a profit and cover its expenses, which may include staff wages, facility costs, insurance, and many others related to its operation.

But when a company has fallen victim ς ransomware and has decided to pay a ransom to cybercriminals to regain access to its systems or to keep data from being leaked publicly or its data from being sold to web, this is considered a cost of doing business and is a cost that should be built into the final price of its product or services paid by customers.

So what would you think if in the receipt for the purchase you made you saw that the company somehow finances cybercrime in the following way: product 100 euros, tax 10 euros, donation to cybercriminals 2,50 euros? "I suspect, and I hope, that you would challenge the charge and react. I would, however, do it. " says Tony Anscombe of the cybersecurity company.

Of course, the companies would probably have replied: "It does not matter, we are insured for cybersecurity risks and our insurance company will pay most of the ransom". This may well be the case, but the company must pay the insurance company that works based on the likelihood of risk when charging a premium.

That is, if the insurance companies insure 10 companies and one in 10 of them falls victim to ransomware attack, then the receipt from one of these 10 companies will show the transaction of 100 euros, 10 euros tax, plus a donation of 2,5 euros to cybercriminals, paid through the insurance company. The money to pay the ransom ultimately comes from you, the consumer.

According to an article in The Hill, in response to a question from U.S. Sen. Mazie Hirono, FBI Assistant Director of Cybercrime Bryan Vorndran said: "We believe the solution is not to ban ransomware companies from paying the ransom ”. Because probably, they will end up paying the ransom secretly without reporting the fact of the cyber attack to the authorities.

Apparently this is why the Senate Justice Committee seems to be proposing as a solution to encourage companies to report such attacks to the Authorities and not to impose a ban on ransom payments.

There are many questions around this issue, and one thing is for sure: the controversy over whether or not to pay ransomware ransomware attacks is by no means over. This is of course a good thing - because with the discussion and the different opinions a safer conclusion will emerge.

Until then, however, it is likely that we consumers will see prices for goods and services rise so that companies can continue to pay ransom to blackmailers, either directly or through their insurance companies.

"I leave you with the words of Margaret Thatcher on October 14, 1988," concludes the ESET expert.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
ransomware, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).