04 Oct 2022

If you wanted to, could you pay the ransom for a cyber attack?

After nearly a week, the details of the Optus cyber attack are still unclear. At one point, it was thought that confidential data relating to 10,000 unlucky Optus customers had potentially been leaked by the now infamous Optus hackers. Passport details, dates of birth, addresses. All data leaked, purportedly in the open. To make matters worse, the hackers behind the Optus data breach were said to have announced that they would continue to leak the sensitive data of an additional 10,000 Optus customers each and every day for the next 4 days unless Optus paid their hackers a ransom of 1.5 million in cryptocurrency for the cyber attack.

That’s a lot of data.

Hackers are often crystal clear about their motivations for hacking. In many cases, they are doing it for ransom. But not the regular cash kind of money that you can stuff in a suitcase or bury in a vault. Hackers usually demand cryptocurrency. Cryptocurrency has obvious advantages for extortionists. The transfer of cryptocurrency allows criminally minded hackers to remain anonymous – likely untraceable, which is an important requirement for criminal activities!

Organisations faced with a cybercrime like the Optus one are often left having to decide whether to pay the ransom. The ACSC (Australian Cyber Security Centre) advises against paying ransoms. Payment of the ransom may increase an organisation’s vulnerability to future cybercrimes. In addition, there is no guarantee that payment will undo the data breach.

But for a moment let’s imagine that your organisation decides that your hackers are of the honest type (yes, honest hackers; that is actually a “thing”) and that the risks of paying the ransom outweigh the risks of failing to do so. You cannot simply bring in your security experts to arrange a drop (James Bond style) or call the bank for an electronic transfer. You are going to need to make that ransom payment on the blockchain.

Yes. The blockchain... So perhaps it’s not just trading enthusiasts who benefit from prior knowledge about trading on the blockchain.

For more information around the legal implications of blockchain and cryptocurrency, take a closer look at Practical Guidance, Cybersecurity, Data Protection & Privacy. Contact us for a demo or free trial here.
