Should Organizations Just Pay the Bitcoin Ransom? Survey Says, ‘No’

(TNS) — The San Diego Unified Port District fell victim to a cyberattack recently, with attackers demanding Bitcoin for access to computer systems. The port did not say how much the attackers asked for, but there is some evidence that Bitcoin ransomware demands can be cheaper just to pay off. In March, the city of Atlanta received a $51,000 ransomware demand that it refused to pay. Atlanta has spent around $5 million so far fixing the problem, according to the Atlanta Journal-Constitution.

Question: The Port would not say how much was requested, but would it have been less costly in the long run to pay the Bitcoin?

Phil Blair, Manpower

NO: The ransom amount is minimal compared to the long-term disruption and cost afterward. Pay the ransom and then power down on never letting it happen again. Then, share what you learned with all other governmental and private bodies to help them protect themselves from the issue. We all have to stay far ahead of this disruption.

Kelly Cunningham, San Diego Institute for Economic Research

NO: It may be understandable to want to just pay the ransom, but that simply encourages extortion scams to continue. There is no guarantee data will be restored. Data still may be damaged or remain infected. Funding cybercriminals also incentivizes larger cyberattacks, so paying does not make the issue go away. Costs of implementing cybersecurity by necessity are spent in any case to forestall future attacks, while sensible policies regularly backing up systems are essential.

David Ely, San Diego State University

NO: There are strong arguments for why paying a ransom is not the best response for the long run, even if the amount demanded is small. There is no guarantee that the attacker will enable the recovery of data once the ransom is paid. Also, an organization that demonstrates a willingness to resolve ransomware attacks by paying a ransom probably increases the likelihood that it will be the target of additional attacks.

Gina Champion-Cain, American National Investments

NO: The two macro issues to deal with are system vulnerability and the need for cryptocurrency regulation. Proactive “hardening” of systems will always dwarf the direct cost of a ransom as will the cost to repair and restore the breached system. Additionally, ransom payment without system reconfiguration will invite future ransom. These cryptocurrency ransom events are directly related to the nearly untraceable nature of the currencies. Regulating this payment method would reduce threat.

Alan Gin, University of San Diego

YES: For individual entities, it is usually less expensive to pay the ransom. It is really costly to recover information that is lost or held hostage, but organizations have to get it back to function. Unfortunately, this would contribute to increased incidents of this behavior in the future as the perpetrators are rewarded. This is a situation where what is good for an individual entity might be bad for society as a whole.

James Hamilton, UC San Diego

NO: The more hackers succeed financially with these attacks, the more of them we’re going to see. The only viable strategy is for every enterprise to recognize that new technology raises new vulnerabilities. We continually need to develop better measures to defend the integrity of the systems we rely on. A key step is making sure all employees understand how they can help keep hackers out of the system.

Gary London, London Moeder Advisors

Not participating this week.

Norm Miller, University of San Diego

NO: Anyone answering “yes” is a short-term selfish myopic. I’m certain no one will say “yes.” Society must stand up against such bullies or else fuel their future larceny. The ransom writers have exposed a weakness in the security of the Port, and what would help the most is to provide us and McAfee, and similar firms, with a diagnosis of the method used to hack their system so others can be shielded.

Jamie Moraga, IntelliSolutions

YES: It could have been but without the facts it’s hard to say definitively. The Federal Bureau of Investigation doesn’t advocate paying ransom to an adversary. However, if businesses or organizations are faced with an inability to function, they should assess all options to protect their business and its assets. Training, patching, anti-virus and anti-malware software, and regular backups (on and off site) are just the tip of the iceberg in protecting your business. Cybersecurity threats are dynamic, and they evolve daily.

Austin Neudecker, Rev

NO: Ransomware and other cybersecurity attacks will increase over the next decade until we modernize our defenses and pass new laws protecting our citizens. If those affected pay the ransom, even…
