Holding companies hostage, whether by ransomware or by collusion of personnel in critical delivery services is not new. However, they are crimes and need to addressed. It does not seem to me that there is enough aggressive prosecution. Even seven years ago I experienced just how difficult it was to get law enforcement involved. Almost all of the law enforcement agencies I talked to felt like some other agency had jurisdiction. If the attack came from a place in New Jersey, our law enforcement in Beaverton Oregon wanted the NJ state police or the FBI to take the case on (interstate commerce and CFAA violation). And in many cases the law enforcement agencies tried very hard to not take on the case. The US Attorneys office even now will defer crimes causing hundreds of thousands of dollars in damages if there minimally appears to be a civil remedy. By civil remedy I mean lawsuit. And if you get hurt too much to file a lawsuit? Then you just die and no law enforcement agency picks up the case. That's crazy but true. The reason these criminals are getting away with this is there is still not enough skilled focus by law enforcement. Until next time.
Tags » CFAA
Spoiler Alert: According to the article below, in a recent podcast the FBI “warned against paying ransoms” and doesn’t like to see companies pay the ransom because, the old law of supply and demand just means that ransomware is more profitable and, therefore, we see more of it. 62 more words
TAKEAWAYS: If your company intends to limit its employees access to certain information on the company network, (1) make sure appropriate technological restrictions are in place and are working; and (2) make sure there are appropriate policies or other documentation in place to show the employees subjectively knew it was off limits. 614 more words