Ransomware-wielding attackers, always keen to turn an illicit profit, have developed myriad tactics for extorting victims. These include exfiltrating data before encrypting systems and demanding a stand-alone ransom in return for a promise to not leak or sell stolen data, but rather to delete it.
Bill Siegel, head of ransomware incident response firm Coveware, urges victims to never pay for any promise or guarantee to delete data, including victims in the healthcare sector that might be trying to minimize any impact on patients (see: Ransomware: ‘Amateur’ Tactics Lead Fewer Victims to Pay).
“You can’t audit that – threat actors deleting the data. You can’t look in every corner of every cybercriminal forum to see if the information is being sold or shopped anyway,” Siegel says. “There’s no way to tell if the threat actor is going to come back and re-extort the organization later on, and in a lot of cases we see, that ends up happening.”
In this video interview with Information Security Media Group, Siegel discusses:
- Ransomware realities, including why restoring from backups can be faster than using any decryptor;
- Unique challenges faced by healthcare organizations trying to defend themselves against ransomware;
- How cloud-based systems help to better defend against ransomware.
Prior to founding Coveware, Siegel served as CFO of SecurityScorecard, head of NASDAQ Private Market and CEO of SecondMarket.