Never pay when cyber criminals extort you: that is the usual advice, because paying makes crime pay and keeps the problem going. Yet after a digital break-in, the KNVB has made agreements with Russian hackers. Is that wise?
A successful cyber attack has major consequences for the affected company or organization. Hackers can completely shut down systems or steal sensitive data. The criminals then try to blackmail their victims.
For example, in exchange for money, the affected organization regains access to its systems. Or the criminals promise that nothing will be done with the stolen data.
“The theory says that you should never pay cyber criminals,” says cybersecurity expert Dave Maasland of security company ESET. “Criminals earn millions of euros from this and after payment you have no guarantee that agreements will be fulfilled.”
But in practice there is sometimes no option other than paying. For example, if hackers have locked all systems and are dangling the key. “It is then a choice between two evils,” Maasland explains. “Will you let your company go bankrupt or will you pay the cybercriminals?”
Extortion with stolen data
The KNVB fell victim to Russian cyber criminals in April. During a digital break-in into the association’s systems, the criminals probably stole a large amount of sensitive data. The organization was then extorted by the hackers.
The football association has made agreements with the Russian cyber criminals about not publishing and deleting the sensitive data, the KNVB reported on Tuesday. It is likely that the association paid for this, but the organization does not want to confirm it.
Maasland finds it striking that the KNVB has probably paid. “The KNVB could have set an example of how to approach a digital crisis. I think things could have gone differently in certain areas.”
Negotiating with cybercriminals maintains a reprehensible revenue model, says chairman Aleid Wolfsen of the Dutch Data Protection Authority. That is why the privacy watchdog strongly advises against paying ransoms.
No guarantees that the KNVB data is now safe
According to Maasland, a payment does not ensure that the stolen data is now safe. That is why, in his opinion, the football association would have been better off starting a major information campaign to inform victims in April. That campaign is only now getting underway.
The incident at the KNVB shows that any company or organization can become a victim of cybercrime. But not all companies think about this, and as a result they are not prepared.
According to Maasland, every company should ask itself how it could be affected digitally, and then think through how it would respond to such an incident. “Think of it as a kind of digital fire drill.”
Call the digital fire brigade in the event of a cyber incident
“It still happens too often that company directors do not know how to respond to a cyber incident,” Maasland explains. “By thinking about it in advance, you can make better decisions in the event of an incident.”
Fortunately, there is also such a thing as a digital fire brigade. “In the event of a hacking attack, contact a company specialized in handling cyber incidents as soon as possible,” Maasland advises. “They have experience in dealing with cyber criminals and can help and advise you.”