Ransom Realpolitik: Paying for Data Deletion Is for Suckers'You Can't Put the Toothpaste Back in the Tube,' Warns Coveware's Bill Siegel
Ransomware-wielding attackers, always keen to turn an illicit profit, have developed myriad tactics for extorting victims. These include exfiltrating data before encrypting systems and demanding a stand-alone ransom in return for a promise to not leak or sell stolen data, but rather to delete it.
See Also: Ransomware: Defense in Depth with VMware
Bill Siegel, head of ransomware incident response firm Coveware, urges victims to never pay for any promise or guarantees to delete data, including for victims in the healthcare sector that might be trying to minimize any impact on patients (see: Ransomware: 'Amateur' Tactics Lead Fewer Victims to Pay).
"You can't audit that - threat actors deleting the data. You can't look in every corner of every cybercriminal forum to see if the information is being sold or shopped anyway," Siegel says. "There's no way to tell if the threat actor is going to come back and re-extort the organization later on, and in a lot of cases we see, that ends up happening."
In this video interview with Information Security Media Group, Siegel discusses:
- Ransomware realities, including why restoring from backups can be faster than using any decryptor;
- Unique challenges faced by healthcare organizations trying to defend themselves against ransomware;
- How cloud-based systems help to better defend against ransomware.
Prior to founding Coveware, Siegel served as CFO of SecurityScorecard, head of NASDAQ Private Market and CEO of SecondMarket.
Over 5,000 health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Targeting Healthcare explores these trends and how the industry can respond.