Tag Archives: survey

To pay the ransom doesn’t always pay off

Further to the discussion as to whether people or organizations should pay up when hit by ransomware…

  • The hardline security maven view is usually that they shouldn’t because it encourages the proliferation of ransomware attacks.
  • A softer view (more or less mine) is that you can’t blame people – especially individuals – for not sacrificing their treasured photos, documents etc for a principle. But we hear of organizations assuming that it’s cheaper to pay the ransom than it is to protect data properly. If so, not only are they adding to the problem, but they’re making an unsafe assumption. That is, that paying the ransom will get their data back.

Sometimes, we’re told that ransomware operators will ‘return’ the data because not to do so may damage their ‘business model.’ And there’s something in that. However, the operators don’t always return the data. Sometimes they just can’t, through some technical issue or incompetence. Sometimes they just don’t bother.

Judging from a survey report from Kaspersky, it seems the number of times that payment doesn’t result in the release of the data may be higher than we think. The report states that:

17% of people online have faced a ransomware threat, with 6% becoming infected as a result. One– in–five users that pay a ransom don’t get their files back

David Harley

 

You can’t always read Facebook on a train

When I saw an MSN article headed Facebook friendships ‘not real’, I was expecting something about lack of validation of Facebookers’ identities. Which is indeed an issue, though not a new one. “On the Internet, nobody knows you’re a dog.” Or, indeed, a wolf in sheep’s clothing.

But no… All this time we’ve been making a fuss about the lack of security and privacy on social network sites, it seems that we’ve been getting it wrong. The problem isn’t security at all.

According to a recent survey, most of us see our friends much more on Facebook than we do in person. Apparently, this becomes truer as you move up the age range. Well, I guess you have to meet your friends in order to get smashed with them.

Anna Richardson, described by MSN as a “Channel 4 presenter and relationship expert” apparently commented:

A Facebook friendship is a poor substitute for actually meeting up with a friend as you miss out on the personal engagement and real connection that you need to build a strong friendship.

It is difficult to make time for friends when juggling busy lives, but without making the effort, there’s a danger that precious friendships are becoming lost in the digital era.

Her advice is to log onto http://www.railcards.co.uk/, buy a railcard and… oh, wait a minute. You can apparently get taxis, finance, holidays, accommodation, broadband, car insurance and many other things at railcards.co.uk, but not railcards. I guess she (or more probably MSN – nice proofing, guys…) meant http://www.railcard.co.uk/, which offers a range of discounted passes for rail travel in the UK. OK, so I should login and buy a railcard (yes, Ken, I am eligible for a Senior Railcard: don’t rub it in…) at www.railcard.co.uk… oh, wait another minute. Isn’t that who commissioned the survey? Well there’s a coincidence….

So I get my railcard and wander down to the station, and get on a train at a reduced rate, and go and see my Facebook friends.

“I’d like a ticket please, to Western Australia, Pennsylvania, Bratislava, Florida, San Diego, the Philippines, Helsinki, Reykjavik, Chennai…”

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
https://avien.net/blog
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com