I’ve recently noticed quite a few articles along the lines of the one I link to here, where organisations pay out ransom fees to hackers in order to recover their data.
Of course these are only the ones we hear about and I have no doubt many companies have paid off ransomware hackers in secret.
It is selfish to the extreme because you’re simply supplying funds that will help the hackers exploit other organisations.
I’d argue that the paying off of hackers ought to be illegal. In fact I thought it was already illegal to aid and abet a criminal.
It seems insurers are often at the root of these payouts:
“The town's insurer was contacted by the hackers and negotiated ransom payment of 42 bitcoins, or roughly $500,000. Officials felt that paying the ransom was the most efficient way of regaining computer access.”
This is very much a case of “I’m alright Jack” and they’re missing the bigger picture or, most likely, simply don’t care about it.
Kevin Beaumont, a cyber-security specialist, sums it up in the article:
“Organisations are financing their attackers to be better than them - and sooner or later that situation may snowball for everybody else trying to defend their networks.”