Tuesday, June 28, 2016

Stop Paying Ransomware and Increasing the Payoff for Cyber Pirates



For the love of all things Internet, just stop it. Stop being so damned naive and dumb about cybersecurity and paying off ransoms. Just frigging stop it!

I just posted a blog entry on this a few months ago.

Ransomware payments solve diddly squat. Sure, the cyber pirate hacker may release your computer after you fork over thousands of dollars, but guess what? HE/SHE IS STILL INSIDE YOUR COMPUTER! What is to stop this hacker from just locking up your system again tomorrow? Nothing, nada, because you were too dumb and lazy to find a cybersecurity expert.

Cybersecurity and business cyberbullying are hard enough without compounding a crime with a bad decision and rolling out the red carpet for another pirate to say, "Hey, this idiot paid Hacker 14's ransom, he'll probably pay mine, too."

According to Lloyd's of London, cybercrime costs businesses $400 billion a year. $100 billion of that is in the U.S. and the victim count is upwards of 556 million. It is expected that the global cost of cybercrime will net $2 trillion by 2019. Two trillion. At this rate, every gang banger is going to learn how to code. It's a better return than the drug trade.

Why? Because companies don't want to spend money on IT, and by the time they do, the hacker has been in their system for years. (See Sony.) How sad is it that even our educational institutions are set up for failure when it comes to this stuff? Case in point, the University of Calgary. Instead of paying ransomware, maybe the university needs to add Cybersecurity and Information Technology courses to its curriculum and force its administration to attend them. Oh wait, it does have a Business Technology Management course.

Look, I don't mean to be mean about this, but seriously, when the hell are businesses and organizations going to take this shit seriously? For every dollar you don't spend on IT, for everything you don't know about basic cybersecurity, updating software/apps, or just basic common sense, you put everyone who is connected to you through the Internet at risk.

Sure, companies don't really want to admit their mistake, but saying nothing and hoping it will go away just means all your employees, suppliers, family members, customers, and golf buddies just had their identities stolen and sold to the black market. Then, to add icing to the hacker's cake, you just willingly gave him $20,000 to top up the money he will earn from selling the credit cards and social security numbers because, instead of finding a security expert, you chose to pay the ransom.

Please, just stop it.