There is a movement in an attempt to remove the fun from the ransomware gangs and I want to talk about why I think it's futile and misspent energy.
The idea is to make payments to ransomware groups Illegal, against the law.
If I'm a victim of ransomware and the only chance I have to get my data back is to pay the ransomware group, why the **** would I want to not give them what they want, for me to get back what I want if i had the means to do so ? - it's absurd, obviously infuriating and costly, but non-sensicle to support the invert of my needs.
Negotiating the release of the decryptor grants you access to your data, but you're left with a lot of new work
If they haven't taken the data offsite, you still have to understand how it happened, how to prevent it, confidence their isn't persistence and some stark conversations about integrity.
But with the options available, do have ideally a copy of your data is better than the harsh reality of no data, bye-bye, all gone.
It's probably worth saying that I'd like ransomware to die in a fire, It's not going anywhere, It's been proven as an effective means to groups... all that will happen is new ways to introduce opportunities for ransomware payouts and eventually trickle down to weaker adversaries will end up with McDonaldised kits ready to go for a fee or a % of the payout
Some things we haven't? seen yet in this space
- Competitor/Buyer paying for ransomware to affect the success or market value of a thing
- Using Ransomware as a distraction for other attacks to take place
- Easier access to Ransomeware frameworks
- Payment options facilitation & Escrow (proof before payment)
Anyway, a little rant around the mess, I believe that making payments illegal is a poor response placing more burden and pressure on victims of ransomware, if they're going to do that, we should see more about what support is offered in exchange for complying with non-payment positions.
In the meantime, things to defend against ransomware that will help are your backup process, and your endpoint defence, give them some love, or some money and some consulting time, get it right.
All you're doing by not paying the ransom is guaranteeing you won't get your data back, so ... what's in it for you?