[Opinion] Unending ransomware attacks are a symptom, not the sickness

[Opinion] Unending ransomware attacks are a symptom, not the sickness (www.theregister.com)
from floofloof@lemmy.ca to technology@lemmy.world on 12 May 15:16
https://lemmy.ca/post/43917318

cross-posted from: lemmy.zip/post/38383029

Opinion: We need to make taking IT systems ‘off the books’ a problem for corporate types

#technology

threaded - newest

INeedMana@lemmy.world on 12 May 15:33 next collapse

When a building needs maintenance bad enough that it doesn’t pass a set of regulations, it will get closed until fixed. Maybe we need something like that for IT infrastructure

Linktank@lemmy.today on 12 May 15:43 next collapse

As well as international task forces to take down people who use borders as a means of immunity to take advantage of people.

solsangraal@lemmy.zip on 12 May 16:03 next collapse

my state mandated some minimum security standards for state-run orgs, like MFA etc. which are on the whole woefully inadequate. but also the budgets for IT depts haven’t gone up. so the same handful of underpaid IT guys (who regularly and rightly get poached) are saddled with an extra mountain of work while they’re already stretched to the limit. this is all YOUR data that’s housed in a straw hut surrounded by huffing and puffing wolves

roofuskit@lemmy.world on 12 May 16:11 next collapse

The insurance industry is filling in this gap right now for cyber insurance. They are requiring a certain level of security before they will write a policy. Try doing business with any other company without a huge cyber insurance requirement in the contract.

Xaphanos@lemmy.world on 12 May 17:23 collapse

It already works like this. Audits perform this function. Failing a mandatory audit generally goes very poorly for financial companies. The unintended result is falsified audits - something my former company did (still does?) every year. The banks and the Fed never found out.

Naich@lemmings.world on 12 May 16:50 next collapse

Is it still legal to pay the ransom? That seems pretty stupid to me. Aside from anything else, you are financing organised crime. It shouldn’t be allowed.

MoonlightFox@lemmy.world on 12 May 17:13 next collapse

Maybe even breaking sanctions and supporting terrorists

catloaf@lemm.ee on 12 May 18:00 next collapse

It is not legal. Some find ways to do it anyway.

grumpasaurusrex@lemmy.world on 13 May 01:49 collapse

It varies based on local legislation, so in some places paying ransoms is banned but it’s by no means universal. It’s totally valid to be against paying ransoms wherever possible, but it’s not entirely black and white in some situations.

For example, what if a hospital gets ransomed? Say they serve an area not served by other facilities, and if they can’t get back online quickly people will die? Sounds dramatic, but critical public services get ransomed all the time and there are undeniable real world consequences. Recovery from ransomware can cost significantly more than a ransom payment if you’re not prepared. It can also take months to years to recover, especially if you’re simultaneously fighting to evict a persistent (annoyed, unpaid) threat actor from your environment.

For the record I don’t think ransoms should be paid in most scenarios, but I do think there is some nuance to consider here.

drmoose@lemmy.world on 12 May 17:23 next collapse

Sometimes I wonder what’s true economic damage here from lack of proper security practices. This shit cascades to millions of other problems from financing terrorists to leaking private data. Don’t even know how this could ever be measured but my guess would be that it’s very substantial.

pineapplelover@lemm.ee on 12 May 20:03 collapse

Company I work for just got ransomed lol. Computer systems are down.