Ransomware"is malware that encrypts all of the data on an infected system. The administrator is notified that if they don't pay a ransom by a certain date,the key to decrypt the data will be permanently deleted. In another scenario, data is stolen and then told it will be released unless a ransom is paid. This could include embarrassing internal emails and/or intellectual property. Ransom demands are often made where Bitcoin or other cryptocurrency is used so these threat actors can remain anonymous when making financial-based ransom demands.

(Note:this topic isconspicuously absent from the books discussion on malware but is a MAJOR issue right now and has been for several years. I dare say that protecting against ransomware is one of the top concerns of any IT or Cyber security organization today. You must know how to protect against and deal with this issue!)

While there are ways to mitigate the effects of such attacks, a couple ways to address any attack on availability is through redundancy- i.e., alternate paths, backup systems, data backups. In the case of data exfiltration, even redundancy is not enough, the data should also be encrypted and the keys protected so they attackers cannot steal and then decrypt this data. If companies fail to protect their data in such ways, there may be nothing a company can do. In fact, some companies have not beenable to determine for certain whether the information was actually exfiltrated.

See:https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html

Unfortunately, many organizations realize these things when it is too late. Also, ransomware threat actors and groups such as Conti use highly effective tactics(as the leaks of their data have revealed per some security analysts and researchers.) Such groups change tactics often, and are now using data theft for extortion purpose as a means to ransom information and get companies to pay demands.

If your business received a ransom demand under the threat of a ransomware threat to destroy and/or reveal your importantdata, and you verified that they indeed have or most likely to have this data -would you pay the ransom? Why or why not?