In a recent job interview, I was asked the question if one should pay a ransom if all technical possibilities have been explored, and one has hit a dead end when it comes to ransomware. I answered, “It depends”. Of course, by giving a brief explanation to my answer. Some companies have strict policies, and in some cases, the confidentiality of customers’ data goes beyond those policies.
However, we must also consider what hacker group we are dealing with – their background, their history, and their group’s mission and objectives. We must also take note, that even if one is to pay the ransom there is no guarantee that the key to the encryption will be given or that the data will remain confidential. There are so many variables at play, that every situation must be considered unique, and these different variables will determine the final decision. So the question stands to pay or not to pay the ransom?
Though, it is important to realize that sometimes paying the ransom does have a positive outcome. The Hawaiʻi Community College is one of those entities that has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. The Hawaiʻi Community College confirmed on June 20, 2023, that they had been victims of a ransomware incident on June 13, 2023. Due to this incident, they took down the IT services immediately in order to protect further spread of the attack. The community college has two campuses and is also part of the Univerity of Hawai’i which could have easily been the gateway to further spread.
The Hawaiʻi Community College came to the difficult decision to negotiate with the threat actors after carefully considering the amount of data they held of 28,000 individuals. Moreover, one of the key elements in their decision-making was the fact that NoEscape is known to leak the data they have from breached networks if the ransom is not paid. Therefore, the criminal’s group history played a vital role in this decision-making.
The Hawaiʻi Community College cybersecurity experts together with NoEscape reached an agreement to destroy all the data obtained illegally. But that does remain a question. However, NoEscape did remove the entry from their data leak site after the ransom was paid.
It is expected that the Information Technology infrastructure of Hawaiʻi Community College will be restored by August 14, 2023. The 28,000 individuals that were affected are expected to get notification letters that pertain to their credit and identity details.
It’s important to note that these types of attacks are increasing against educational institutions. According to The Hawaiʻi Community College, there were 190 known ransomware attacks on ed institutions between June 2022 and May 2023, with an astounding 64% of ransomware against educational institutions according to a 2022 survey.
With so many ransomware attacks the question still remains “To pay or not to pay the ransom?”
P.S. – The job interviewer (entity) that posed the question suffered a ransomware attack, did not pay the ransom, and their data was leaked online.