by adgrooms on June 27, 2019

Radiohead is a popular rock band from England. Millions of fans around the world have bought their music since their debut in 1985. The band was recently hacked, and an archive of their music, not intended to be released to the public, was stolen. The archive contained 18 hours of rough recordings, songs in progress, and ideas, probably with some unfinished lyrics and wrong notes in there. The hackers demanded a $150,000 ransom or they would release the music to the public. So what did the band do? They released it themselves. They allowed listeners to stream it online for a limited time or buy it for a suggested price of a $23 donation to a climate protest organization. And that is a beautiful example of the best way to respond to hackers.

Things are a little different when it comes to patient data. When a hospital is hacked, dumping all of the patient data onto the internet instead of paying a ransom is not a viable option. So go ahead and just pay the ransom? Not so fast on that choice either. The first problem with that is that you cannot trust a hacker. If you pay, there is no guarantee they will unlock your data. The second problem is that paying incentivizes more ransomware attacks.

Paying hackers off isn't like a ransom drop in a movie: driving to a remote place and tossing a bag full of cash off a bridge. Payment is going to take place on the dark web and in cryptocurrency, making it difficult to track. A lot of the attacks come from countries that make extradition hard, so the threat of prosecution is not a deterrent. Further, many organizations, embarrassed by their breached security, won't report being attacked. All of these factors motivate hackers to keep going. So some in the security field, or more likely adjacent to it, saw a business opportunity.

Enter security firms that specialize in dealing with ransomware. They claim to have the ability to decrypt data locked by ransomware. But this is impossible without the hackers' key or a massively powerful computer. As seen in this ProPublica report, this is a scam on top of a scam, in which the firm takes client money and pays the ransom. The article exposes that these businesses charge for "data recovery" and, in secret, negotiate with hackers to get the ransom reduced while guaranteeing them the payment. There are no regulations on how these companies work, but there are investigations into their deceptive practices.

How do we deal with the proliferation of ransomware going forward? The only good way is to eliminate the attackers' leverage. The only way to do that, short of building a quantum computer, is to have a well-thought-out backup system and disaster recovery plan. Defang the hackers by restoring your data and circumventing their threat.