Every day I get a call from a client asking for help involving ransomware. Friends have called in a panic when that dreadful message comes up on the screen informing you that you are the victim of ransomware with instructions on how to pay the ransom with bitcoin. It is no longer a surprise to get those calls. They are a mundane and sad part of the life of a privacy and security lawyer.
I love to read mysteries. Whodunnits filled with murders and kidnappings. Real stories of kidnappings in movies and books back in the day were based on the premise that if you paid the ransom, they would come back for more. If you paid the ransom, the crime would never cease. And if you paid it, you were never sure that you would get your loved one back. Remember when law enforcement was always on the other line during the phone call coaching the family on how to negotiate with the kidnapper? Refusing to pay the ransom and setting up a trick for the drop of the money always worked and justice prevailed!
Now I am not equating the kidnapping of a loved one with computer ransomware, but admittedly, there are similarities. When did data get so important that we have abandoned as a nation the notion of refusing to pay the kidnapper?
Law enforcement continues to recommend that companies refuse to pay ransom for data. Companies are still not fully prepared for a ransomware attack with robust data back-up, incident response, contingent operations and business interruption, so they are paying the ransom. The IBM study showed up to 70 percent of businesses are paying the kidnappers!
Folks, no wonder our data continues to be kidnapped. It is a great way for criminals to make money, and the more we keep paying the kidnappers, the more they will kidnap.
In 2017, let’s work together to stop the kidnappers by refusing to pay them for our beloved data. That means we must all be prepared for a ransomware attack, combat it and give the kidnappers incentive to go elsewhere.