this post was submitted on 18 Jun 2024
So... Now the attackers have more funds to launch more attacks and they also know Panera has insufficient disaster recovery plans/backups. Good job negotiating with terrorists!
That's not how it works. I'm in this industry directly and do Incident Response every day.
Paying the ransom only happens after an IR team comes in and remediates, hardens, and attempts all other methods for getting the client out of the situation.
If Panera was found criminally negligent, i.e. bad practices and not an exploit, there may be a case held or the insurance carrier forces Panera to pay the ransom and the recovery bill.
What you're right about is that the TA gets money. However, every time they get paid, FBI and other agencies get another piece of the puzzle to take the TA down. It's happened a couple times this year.
You're not speaking from a place of experience.
I mean, there are also cases where the same company has been ransomed by multiple different TAs after paying ransoms, so it doesn't always go down the way you described either.
(Also in the industry. Not sure coming at this from the angle "I'm in the industry, your opinion is invalid" was the best choice.)
I actually dealt with that a couple of times. The last one had two TAs, Blacksuit and a second TA who gained access in tandem without coordination. They both executed their encryptions on the network and it spread. Some had the BH extension and some files had the other. Invariably, both sets of files were double encrypted, but it varied on which was the prominent extension.