Skip to footer
Passcode
Modern field guide to security and privacy

Should a company pay ransom to hackers?

Organizations facing ransomware should pay to get back in business, says Dell Fellow David Konetski at South by Southwest

David Konetski, Dell Fellow and Executive Director in the Client Solutions Office of the CTO, and Brett Hansen, Executive Director, Dell Data Security Solutions talk "Future of Malware Attacks and Protection Strategies" at SXSW 2016.
  • By Staff

| Austin, Texas

While the brightest minds of Silicon Valley are churning out digital security tools, the bad guys have kept pace.

A network breach can lead immediately to the deployment of a piece of software that encrypts your organization’s data until you pay a ransom to unlock it. And recognizing malicious code is no longer a simple matter of checking against known code snippets. These days, malware can shape-shift, sometimes as quickly as every few milliseconds. Not to mention there is just a lot more malware being hurled against the digital shields: Somewhere on the order of a quarter million new pieces of malware are detected every day.

Enterprises should take a holistic, layered approach to security in the face of this growing criminal sophistication, said David Konetski, a Dell Fellow who spoke this week at the South by Southwest Interactive conference in Austin, Texas (watch the video here or below). That means employing systems that together work to predict, prevent, detect, and remediate attacks.

About video ads

This comprehensive framework can frustrate business executives who wonder why one solution alone isn’t good enough.

Mr. Konetski said he sometimes gets asked, “'Why do I need something that’s going to protect 99 percent of all malware coming into my machine if I’ve got the world’s best detection system?' If you pay a monitoring service, that’s great, but if you have an incident and they have to come in, put feet on the street and clean that up, it’s going to be very expensive.”

Such a strategy might also wind up costing a ransom payment. If a business relies solely on detecting odd behaviors on the network, it may not move fast enough. A ransomware attack that deploys even one millisecond faster than the detection system will result in your machine getting locked, encrypted, and ransomed.

What’s the best advice for businesses who find themselves in this situation?

“I’ve consulted some of the foremost experts in the world on this topic, everybody from CERT [Computer Emergency Readiness Team] to our internal folks at SecureWorks, and you know the recommendation is to pay the ransom,” said Konetski. “This is a business. There hasn’t been any rampant fraud in that industry…. You get your data back.”

These talks were part of a series of discussions hosted at Passcode's booth at SXSW. See all that Passcode, Dell, Mozilla, and the Center for Democracy and Technology were up to at SXSW and watch the other talks.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
editor@csmonitor.com
Subscribe
Mark Sappenfield
Editor

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

Subscribe to insightful journalism

QR Code to Should a company pay ransom to hackers?
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0401/Should-a-company-pay-ransom-to-hackers
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe