Paying cybercriminals is like feeding seagulls, don’t do either
This week, ZDNet reported that one third of organisations consider paying criminals instead of hardening their security. In other news last month, we learned a forensic company, hired to mitigate an outbreak, flat out paid the $1000 ransom and then charged their customer $6000. Their customer, and indeed the FBI, found this business model shady enough and prosecuted.
While you might be inclined to make a short-term risk decision, like “Paying ransom now is cheaper than taking the high road”, allow me to outline why it’s not, based on my personal experience growing up on an island.
Feeding seagulls might sound strangely satisfying. They eat potato crisps out of your hands in mid air. It’s kind of spectacular in a creepy way. Here’s the thing. Seagulls aren’t nice creatures. On the island, we call them “air rats”. That might not be their fault, as a product of their evolution; they’re just not nice.
What happens if you feed seagulls: they get cocky and steal your herring
They come back in bigger numbers
Seagulls are encouraged to return when you feed them. And they will take all their friends and family and neighbors with them. You can see this behavior escalating very rapidly: start with 5 potato chips and the seagulls will multiply tenfold within the minute.
They will defecate on your shoulders
You would expect some gratitude from seagulls when you feed them, but no. This is how they repay you: they release their droppings above you. As they have multiplied already, the chance of you being hit is also multiplying. And seagull droppings are hard to get rid of in all their white and green nastiness.
Don’t feed the seagulls
So, don’t. Please don’t. Because it’s especially unfair if you feed the seagulls and then they defecate on my shoulders. Here’s my hunch: the cocky creatures actually like it. This is a community effort, people! We need to stand strong, stand together, and take the high road, like Maersk, bless their souls, who stood strong in the white and green rain.
Push them back into obscurity
When I read news like this, these thoughts go through my mind. Cryptojacking, for criminals, is a viable alternative to ransomware and less risky for them too. It doesn’t include the destruction part. If we don’t pay criminals, they will find other attacks – with any luck, the next one might be a bit more victim-friendly. But rest assured, we’ll deal with those ones too.