this post was submitted on 25 Jul 2024
94 points (97.0% liked)

Technology

59534 readers
3195 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 5 points 3 months ago (4 children)

The hospital paid about $100,000 in Bitcoin to get its data back.

The department said it recovered that ransom as well as a payment from a Colorado health care provider affected by the same Maui ransomware variant.

Why are people this dumb? Don't pay ransoms. Ever. There's no guarantee they will delete their copy, and you should have proper backups anyway (you do make backups, right?).

It worked out in this case, but it's still an extremely stupid move.

[–] yetAnotherUser@discuss.tchncs.de 3 points 3 months ago (1 children)

Depending on who compromised you, paying the ransom is the smart move.

As long as the hacker group has a somewhat established name and reputation, they have more to lose from keeping a copy afterwards than to gain. Trust is like half of the business model for these groups - throwing it all away for a one-time gain isn't the smartest move.

And while you should obviously keep a backup, in the end it might be cheaper to just pay up, especially because of potential future lawsuits should customer data be leaked.

Also, you should absolutely make sure the hackers actually have stolen data instead of merely encrypting it all with a secret key. There's no point in paying in that case.

That's why contacting the police is the right move, they'll be able to investigate and determine who stole the data, or if it's just encrypted. You can also get someone to investigate for you outside the police if you like (the police can be quite slow).

load more comments (2 replies)