As we heard today, the Luas website was attacked, and the demand was for just one Bitcoin. This is a clever move, though some people might not grasp why. One Bitcoin today would net you some €3300, so it would be an option for a company to pay up and shut up, or to do as Paul goes on to explain below.
“Luas has done the right thing under the circumstances,” says Paul Ducklin, Senior Technologist at Sophos. “Taking the website offline gives the company the chance to investigate properly and try to figure out just how far the hackers actually got.”
Ducklin urges victims of this sort of hack not to pay up. “Either the hacker has defaced the website without getting any further, so the threat to release customer data is a hollow one, or the hacker already has the data and paying up won’t magically make them delete it – for all you know it might already have been stolen from the hackers themselves, or sold on to someone else on the underground.”
Ducklin points out that this sort of extortion – “pay up to *stop* us doing something that we might very well do anyway” – is very different to a ransomware attack, and the decision on whether to pay or not can’t be compared.
Ducklin explains: “Even though we advise people not to give in to ransomware demands, we accept that victims sometimes have little choice but to pay up in order to get their computers working properly again. In the case of ransomware you’re paying to get something that the crooks have but you don’t, namely the decryption key. If you do pay, then you find out pretty quickly whether the decryption key works or not, and you can move on from there. You don’t have to trust the crooks beyond that point. But paying cybercriminals off not to dump already-stolen data means you then have to trust them for evermore – and you have to trust them not to get hacked themselves, too!”