Critical Factors to Consider Before Paying a Ransom
Former FBI Agent Vincent D'Agostino Offers Guidance on Making the Right Decision
What critical factors should organizations consider before taking the step of paying extortionists a ransom in hopes of regaining access to systems or avoiding the release of data in the wake of a ransomware attack? Former FBI special agent Vincent D'Agostino provides guidance.
First, organizations should check to see whether the hackers responsible for the attack are on government threat lists, says D'Agostino, who is head of cyber forensics and incident response at security vendor BlueVoyant. "There are certain groups that, as U.S. citizens, we are generally not permitted to pay, because they have been connected with terrorist groups, connected with nonfriendly nations," he says in an interview with Information Security Media Group.
For instance, paying ransomware groups that have been added to the U.S. Treasury Department's Office of Foreign Assets Control list - such as Evil Corp, which has been connected to the Russian government - could result in serious repercussions, he warns.
"Technically, the government could come after you after payment, and you can get fined and there are all sorts of legal liabilities that can be applied that you violated the Office of Foreign Assets Control," he says.
Cyber Insurance Issues
Another key consideration when weighing whether to pay a ransom, D'Agostino says, is cyber insurance policy coverage terms.
"You want to make sure that [the insurer] is involved in that process right from the get-go, to make sure that you're covered and that you're making decisions with that in mind ... and not just hoping that your policy covers all of it," he notes.
In this interview, D'Agostino also discusses:
- The pros and cons of paying attackers to unlock systems or return stolen data;
- Why law enforcement agencies, including the FBI, typically advise against paying extortionists;
- The latest hacker ransom demand trends;
- Other tips for potential negotiations with cybercriminals.
Prior to joining BlueVoyant, D'Agostino led the incident response team at K2 Intelligence. Before that, he spent 11 years as a special agent in the FBI's New York office. He was one of the most senior special agents within the bureau's cyber branch and was recognized as a subject matter expert on Tor hidden services and cryptocurrency-facilitated criminal activity. Earlier, D'Agostino was a practicing attorney in New York with a focus on insurance defense litigation.