RSA: Should You Pay Ransomware?

VIDEO: The U.S. Secret Service provides some advice and some warnings about ransomware.


SAN FRANCISCO—Ransomware attacks are a scourge that threatens organizations with information deletion if they don't pay hackers' demands. At a Verizon panel event here at the RSA Conference, experts from the private sector as well as the U.S. Secret Service provided some candid thoughts about how to respond to ransomware.

Bryan Sartin, managing director of The RISK Team at Verizon, asked the panelists, "Ransomware attacks, do you pay, do you play or do you go on holiday?"

William Noonan, deputy special agent of Cyber Operations for the U.S. Secret Service, responded, "If you're doing business right, you go on holiday."

The solution to ransomware is really to have persistent backups that would provide a measure of resiliency for an organization, according to Noonan. Organizations should be educated to understand that they should have persistent backup as a best practice for the business, he added.

In terms of whether or not a ransomware victim should pay the hackers or attempt to play the situation out, Noonan noted that the Secret Service cannot comment on which route an organization should take.

That said, for organizations that do decide to pay a ransomware, there is a question about where the money goes.

"There is always a liability piece to what the money is funding," he said.

Watch the full video from the Verizon RSA Conference panel below:

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.