Wednesday, July 18, 2007

It's About the Brand

Recently I read an article about the resurgence of attacks by groups who encrypted compromised data, then held it for ransom until a small amount of money was sent to them.

While these attacks are not new (Kaspersky Labs has reported them in the last two years), what was particularly interesting was that these groups were conducting these attacks against US corporations. Having worked for a few US corporations, I can assure you that the chances of success by this kind of attack are minimal due to the wide use of disaster recovery software and other backup systems. It is just too easy to restore the data in a few minutes for this type of attack to have an effect.

I think that in this case, however, both the article and the attackers miss the point of this threat. There is nothing that a US corporation likes less than bad publicity. Yet this was not mentioned anywhere in the text. Should the attackers threaten to go public with their intrusion, a great amount of brand damage could be caused and obviously a larger ransom could be demanded.

However, the likelihood of still getting any money from a US corporation, even under this threat of disclosure, is still zero. That is just the way US corporations do things: no negotiating with criminals or terrorists (unless maybe they are wearing a business suit and are from Texas), but I digress. In my opinion, the threat of this kind of attack is greatly exaggerated; it did not have much of an effect two years ago against home users, and it will have no considerable effect today against any major US company.

