this post was submitted on 25 Jul 2024
94 points (97.0% liked)
Technology
59534 readers
3195 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Sure, they'll return the data, but why wouldn't they keep a copy? It's not like there's any way to prove that it's not copied. So they could get a $100k payday from the victim, plus whatever they can get on the black market. They'll probably split up the data so it's not as obvious where it came from (don't want to scare away the next victim).
Any data that's ransomed should be assumed to be available to attackers. That means the first people they should contact are the police, because until they pay the ransom, the attackers probably won't leak it (that would reduce the chance that you'd pay the ransom). There's usually a time limit, but they could probably stall until the police get involved. If the police can catch them, there's a chance they could protect their customers from having their private medical data from being sold.
I get it, breaches happen, but there's no excuse for not having off-site backups. 1TB at Backblaze B2 costs $6/month, so assuming that's enough (it probably is), $100k could pay for over 1000 years of backups... And it's probably something they could pay a contractor once to set up and then largely forget about it until they need it. Or if you use AWS, just turn on backups there, it'll probably cost a little more, but it'll be way easier.
The process of should be:
Your data will probably get leaked on the dark web regardless, so just accept that at step 1.