Such clear Game theory. If nobody pays ransom, the group suffers less over all. But targeted individuals suffer greatly. Targeted individuals have a high incentive to pay, which encourages more attacks on the group.
A previous company I worked for took the “high road”. Mostly cause the CIO was a delusional psychopath. She refused to pay the mere 1 mil ransom. Told the CEO the disaster recovery systems would bring the company back online in a few hours (everybody, except her apparently, knew the DR system was a total joke). Hackers wiped the encrypted drives of every machine in the company and said good day.
4 weeks later they had the website, basic email and server operations functioning again. 3 months later they had restored business continuity more or less.
She was fired a week after that.
I’m guessing it cost the company 10’s if not over 100 million.
A previous company I worked for took the “high road”. Mostly cause the CIO was a delusional psychopath. She refused to pay the mere 1 mil ransom. Told the CEO the disaster recovery systems would bring the company back online in a few hours (everybody, except her apparently, knew the DR system was a total joke). Hackers wiped the encrypted drives of every machine in the company and said good day.
4 weeks later they had the website, basic email and server operations functioning again. 3 months later they had restored business continuity more or less.
She was fired a week after that.
I’m guessing it cost the company 10’s if not over 100 million.