Video

Ransom Realpolitik: Paying for Data Deletion Is for Suckers

'You Can't Put the Toothpaste Back in the Tube,' Warns Coveware's Bill Siegel
Bill Siegel, co-founder and CEO, Coveware (Photo: Coveware)

Ransomware-wielding attackers, always keen to turn an illicit profit, have developed myriad tactics for extorting victims. These include exfiltrating data before encrypting systems and demanding a stand-alone ransom in return for a promise to not leak or sell stolen data, but rather to delete it.

See Also: 2023: Addressing the CISO's Many Challenges

Bill Siegel, head of ransomware incident response firm Coveware, urges victims to never pay for any promise or guarantees to delete data, including for victims in the healthcare sector that might be trying to minimize any impact on patients (see: Ransomware: 'Amateur' Tactics Lead Fewer Victims to Pay).

"You can't audit that - threat actors deleting the data. You can't look in every corner of every cybercriminal forum to see if the information is being sold or shopped anyway," Siegel says. "There's no way to tell if the threat actor is going to come back and re-extort the organization later on, and in a lot of cases we see, that ends up happening."

In this video interview with Information Security Media Group, Siegel discusses:

  • Ransomware realities, including why restoring from backups can be faster than using any decryptor;
  • Unique challenges faced by healthcare organizations trying to defend themselves against ransomware;
  • How cloud-based systems help to better defend against ransomware.

Prior to founding Coveware, Siegel served as CFO of SecurityScorecard, head of NASDAQ Private Market and CEO of SecondMarket.

Over 5,000 health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Targeting Healthcare explores these trends and how the industry can respond.

Read more


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cio.inc, you agree to our use of cookies.