<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I think a big problem may be that the ransom is actually very cost-effective and probably the lowest line item cost in many of these situations where large revenue streams are interrupted and time=money (and maybe also health or life). <div class=""><br class=""></div><div class="">The original thought that it should be handled like standard DR and tighten up security may apply to very small businesses, though, where they could afford to try to ignore the ransom request and rebuild more securely, hoping the criminals will move on and not come back for revenge.<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jun 24, 2021, at 3:08 PM, Shane Ronan &lt;<a href="mailto:shane@ronan-online.com" class="">shane@ronan-online.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">A lot of the payments for Ransomware come from Insurance Companies under "Business Interruption Insurance". It in fact may be more cost-effective to pay the ransom than to pay for continued business interruption. <div class=""><br class=""></div><div class="">Of course, along with paying the ransom, a full forensic audit of the systems/network is conducted. The vector for many of these attacks is via a worm triggered by someone opening an attachment on an email or downloading compromised software from the Internet. 
Short of not allowing email attachments or blocking Internet access, the best method is to properly train users to not click on attachments or visit "untrusted" sites, but nothing is perfect.</div><div class=""><br class=""></div><div class="">Shane</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 24, 2021 at 6:01 PM Michael Thomas &lt;<a href="mailto:mike@mtcc.com" class="">mike@mtcc.com</a>&gt; wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class=""><p class=""><br class="">
</p>
<div class="">On 6/24/21 2:55 PM, JoeSox wrote:<br class="">
</div>
<blockquote type="cite" class="">
<div dir="ltr" class="">
<div class="">It gets tricky when 'your' company will lose money $$$ while you wait a month to restore from your cloud backups.</div>
<div class="">So executives roll the dice to see if service can be restored as quickly as possible, keeping shareholders and customers as happy as possible.</div>
<br class="">
</div>
</blockquote><p class="">But if you pay without finding how they got in, they could turn
around and do it again, or sell it on the dark web, right?</p><p class="">Mike<br class="">
</p>
<br class="">
<blockquote type="cite" class="">
<div dir="ltr" class=""><br class="">
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jun 24, 2021 at 2:44 PM Michael Thomas &lt;<a href="mailto:mike@mtcc.com" target="_blank" class="">mike@mtcc.com</a>&gt; wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br class="">
Not exactly network but maybe, but certainly operational.
Shouldn't this <br class="">
just be handled like disaster recovery? I haven't looked
into this much, <br class="">
but it sounds like the only way to stop it is to stop paying
the crooks. <br class="">
There is also the obvious problem that if they got in,
something (or <br class="">
someone) is compromised that needs to be cleaned which
sounds sort of <br class="">
like DR again to me.<br class="">
<br class="">
Mike<br class="">
<br class="">
</blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote></div>
</div></blockquote></div><br class=""></div></body></html>