Paying cybercriminals is like feeding seagulls; don’t do either

This week, ZDNet reported that one third of organisations consider paying criminals instead of upping their cybersecurity. In other news last month, we learned  a forensic company, hired to mitigate an outbreak, flat out payed the $1000 ransom and then charged their customer $6000. Their customer, as well as the FBI, found this business model shady and prosecuted.

While it can seem easier to make short-term risk decisions, like ”Paying ransom now is cheaper than taking the high road”, it’s not. Allow me to outline why not, based on my personal experience of growing up on an island called Walcheren, in the southwest of the Netherlands.

Feeding seagulls
Feeding seagulls might sound strangely satisfying. They eat potato crisps out of your hands in midair. It’s kind of spectacular in a creepy way. Here’s the thing. Seagulls aren’t nice creatures. On Walcheren we call them ”air rats”. This might not be their fault as it’s a side effect of their evolution, but they’re just not nice.

They come back in bigger numbers
Seagulls are encouraged to return when you feed them. And they will bring all their friends and family and neighbors with them. You can see this behavior escalate rapidly: start with 5 potato chips and the seagulls will multiply tenfold within a minute.

They will defecate on your shoulders
You would expect some gratitude from seagulls when you feed them, but no. This is how they repay you: they release their droppings above you. As they had multiplied already, the chance of you being hit is also multiplying. Seagull droppings are especially hard to get rid of in all their white and green nastiness.

Don’t feed the seagulls
So, don’t. Please don’t. Because it’s especially unfair if you feed the seagulls and then they defecate on my shoulders. Here’s my hunch: the cocky creatures actually like it. This is a community effort, people! We need to stand strong, stand together, and take the high road. Much like Maersk, bless their souls, who stood strong in the white and green rain.

Push them back into obscurity
When I read news like this, these thoughts go through my mind. Cryptojacking, for criminals, is a viable alternative to ransomware and less risky for them too. It doesn’t include the destruction part. If we don’t pay criminals, they will find other ways to attack, but with any luck the next one might be a bit more victim friendly. Rest assured though, we’ll deal with those too.

More reading:

2018-06-18T13:50:23+00:0018 juni, 2018|

About the Author:

Eward Driehuis
Chief Research Officer, SecureLink Group

Leave A Comment

SecureLink Sverige