After a breach affecting thousands of institutions, Canvas's decision to reach an agreement with attackers highlights how ransom negotiations risk turning cybercrime into a predictable business model.
I think this is the more naive take. If it was a given that the information would be public either way, noone would ever pay. Ransomware groups rely on a reputation of withholding their end of the arrangement or the corporate bean counters could never justify the payout to them.
It’s interesting though. For lots of other crimes, people don’t pay ransoms. For example the recent kidnapping of that tv personality’s mother in Arizona. And in those cases, such an arrangement or transaction, when completed fulfills both sides and it’s done. In this case, there is no guarantee that data doesn’t end up sold on the dark web regardless of whether the payment is made. And plenty of other let’s say not as “professional” hacker groups (I put in quotes for lack of a better word, and that’s a term we are using in this thread) sometimes can’t decrypt your shit because they are running shredware rather than ransomware. Or they just fucked up and don’t know what they are doing. So it’s a big chance you are taking.
And yes, some of the “professional” groups have essentially a “customer support” team, which you contact and they help walk you through the process of paying the ransom and whatever else, applying the decryption etc.
When someone gets kidnapped there’s no CEO that can go to jail for a privacy breach. Data breaches typically stay out of the news, if it becomes public the victim company can face legal action. It can literally be cheaper to quietly pay the hackers.
I think this is the more naive take. If it was a given that the information would be public either way, noone would ever pay. Ransomware groups rely on a reputation of withholding their end of the arrangement or the corporate bean counters could never justify the payout to them.
It’s interesting though. For lots of other crimes, people don’t pay ransoms. For example the recent kidnapping of that tv personality’s mother in Arizona. And in those cases, such an arrangement or transaction, when completed fulfills both sides and it’s done. In this case, there is no guarantee that data doesn’t end up sold on the dark web regardless of whether the payment is made. And plenty of other let’s say not as “professional” hacker groups (I put in quotes for lack of a better word, and that’s a term we are using in this thread) sometimes can’t decrypt your shit because they are running shredware rather than ransomware. Or they just fucked up and don’t know what they are doing. So it’s a big chance you are taking.
And yes, some of the “professional” groups have essentially a “customer support” team, which you contact and they help walk you through the process of paying the ransom and whatever else, applying the decryption etc.
When someone gets kidnapped there’s no CEO that can go to jail for a privacy breach. Data breaches typically stay out of the news, if it becomes public the victim company can face legal action. It can literally be cheaper to quietly pay the hackers.