zlacker

[return to "Checkout.com hacked, refuses ransom payment, donates to security labs"]
1. prodig+47 2025-11-13 10:24:20
>>Strang+(OP)
If I was a customer I'd be pissed off, but this is as good as a response you can have to an incident like this.

- timely response

- initial disclosure by company and not third party

- actual expression of shame and remorse

- a decent explanation of target/scope

I could imagine being cynical about the statement, but look at other companies who have gotten breached in the past. Very few of them do well on all points.

◧◩
2. wallet+v8 2025-11-13 10:34:19
>>prodig+47
> as good as a response you can have to an incident like this.

From a customer perspective “in an effort to reduce the likelihood of this data becoming widely available, we’ve paid the ransom” is probably better, even if some people will not like it.

Also to really be transparent it’d be good to post a detailed postmortem along with audit results detailing other problems they (most likely) discovered.

◧◩◪
3. tobyhi+Ea 2025-11-13 10:52:24
>>wallet+v8
I strongly disagree. Paying the ransom will put everyone in danger.
◧◩◪◨
4. wallet+Ra 2025-11-13 10:54:35
>>tobyhi+Ea
I would totally agree with you if we lived in a hypothetical world where ransomware payments aren’t super common anyway.

Until there is legislation to stop these payments, there will be countless situations where paying is simply the best option.

◧◩◪◨⬒
5. yreg+Pi 2025-11-13 11:58:27
>>wallet+Ra
> Until there is legislation to stop these payments, there will be countless situations where paying is simply the best option.

Paying the ransom is not exactly legal, is it? Surely the attackers don't provide you with a legitimate invoice for your accounting. As a company you cannot just buy a large amount of crypto and randomly send it to someone.

◧◩◪◨⬒⬓
6. wallet+Mn 2025-11-13 12:37:09
>>yreg+Pi
Paying the ransoms is almost always legal in basically all western countries unless the recipient has been sanctioned.

> As a company you cannot just buy a large amount of crypto and randomly send it to someone.

You can totally do that, why wouldn’t you be able to?

◧◩◪◨⬒⬓⬔
7. yreg+pw 2025-11-13 13:33:36
>>wallet+Mn
Because it's fraud. You cannot just take money out of the company, you have to put something in your books.