zlacker

[return to "Checkout.com hacked, refuses ransom payment, donates to security labs"]
1. prodig+47[view] [source] 2025-11-13 10:24:20
>>Strang+(OP)
If i was a customer id be pissed off, but this is as good as a response you can have to an incident like this.

- timely response

- initial disclosure by company and not third party

- actual expression of shame and remorse

- a decent explanation of target/scope

i could imagine being cyclical about the statement, but look at other companies who have gotten breached in the past. very few of them do well on all points

◧◩
2. wallet+v8[view] [source] 2025-11-13 10:34:19
>>prodig+47
> as good as a response you can have to an incident like this.

From customer perspective “in an effort to reduce the likelihood of this data becoming widely available, we’ve paid the ransom” is probably better, even if some people will not like it.

Also to really be transparent it’d be good to post a detailed postmortem along with audit results detailing other problems they (most likely) discovered.

◧◩◪
3. gchamo+4k[view] [source] 2025-11-13 12:07:48
>>wallet+v8
You mean as a customer you'd feel better if the company victim of ransom would help fund the very group that put the business and your data in jeopardy?
◧◩◪◨
4. wallet+cq[view] [source] 2025-11-13 12:53:02
>>gchamo+4k
Of course, it makes my data and my customers data less likely to end up public on the internet.

It’s not great, but it’s the least shitty option.

◧◩◪◨⬒
5. gchamo+Qq[view] [source] 2025-11-13 12:57:08
>>wallet+cq
What makes you think they won't get the money and sell the database in the dark web?

This is like falling victim to a scam and paying more on top of it because the scammers promised to return the money if you pay a bit more.

I see no likelihood game to be played there because you can't trust criminals by default. Thinking otherwise is just naive and wishful. Your data is out in the wild, nothing you can do about that. As soon as you accept that the better are your chances to do damage reduction.

◧◩◪◨⬒⬓
6. wallet+VX[view] [source] 2025-11-13 15:55:22
>>gchamo+Qq
Their incentives are well known. You don’t have to trust them to assume that they will act rationally.

Picking up hundreds of thousands at best (very few databases would be worth so much) when your main business pays millions or tens of millions per victim simply isn’t worth it, selling the data would jeopardise their main business which is orders of magnitude more profitable.

Absolutely no IR company will advise their clients to pay if the particular ransomware group is known to renege on their promises.

◧◩◪◨⬒⬓⬔
7. gchamo+m21[view] [source] 2025-11-13 16:16:16
>>wallet+VX
Did some research and indeed there is a sort of "honor among thieves" kinda vibes when it comes to ransom attacks.

Still, it's illegal or quite bureaucratic in some places to pay up.

And idk... It still feels like these ransom groups could well sit on the data a while, collect data from other attacks, shuffle, shard and share these databases, and then sell the data in a way that is hard to trace back to the particular incident and to a particular group, so they get away with getting the ransom money and then selling the db latter.

It's also not granted that even with the decrypt tools you'd be able to easily recover data at scale given how janky these tools are.

I don't know. I am less sure now than I was before about this, but I feel like it's the correct move not to pay up and fund the group that struck you, only so it can strike others, and also risk legal litigations.

[go to top]