
Re: None

Friday, 02/01/2019 9:09:37 PM

Post# of 249118
Pay the ransom? Corporate lawyers say meeting some hackers' demands may be worth it

https://www.cyberscoop.com/ransomware-pay-hackers-worth-risk-lawyers/

Conventional wisdom says ransomware victims shouldn’t pay their attackers, but a panel of legal experts suggested Thursday that standing firm might not always be the smartest play in the real world.

FBI officials, corporate bigwigs and public sector security bosses in recent years all have advised their colleagues to keep their wallets closed when ransomware hits. There’s no honor among thieves, the logic goes, and even if you pay hackers to buzz off, who’s to say they will follow through on promises to unlock encrypted data? But there are scenarios in which small and medium-sized businesses should carefully consider their decision, Mark Knepshield and Matthew Todd said during a panel discussion at the Legalweek conference in New York.

“I would say, if it’s a small amount, pay it,” said Knepshield, a senior vice president at insurer McGriff, Seibels and Williams. “It’s likely just be the easiest way out of your situation.”

In a poll surveying Legalweek attendees, 86 percent said they would not pay a ransom if attackers threatened to publish stolen material online within 24 hours. That follows the traditional legal advice, with the FBI encouraging hacked businesses not to pay, in part because meeting extortionists’ demands could help thieves expand their operations.

“Law enforcement has to have a policy, and that has to be their policy,” said Todd, a principal consultant at Full Scope Consulting and a former chief security officer in the financial sector.

However, the evolution of ransomware attacks over the past year has forced firms to reconsider, Todd said. Well-resourced criminal organizations have replaced comparatively low-level “spray-and-pay” operations. Those groups leave behind a trail of evidence insurers, attorneys and corporate security teams can quickly research to understand their chances of recovering stolen information.

“Like with the city of Atlanta, with the source code that was coming in, even if they had paid the ransom, I don’t think the individuals who launched the attack would have had the sophistication to be able to un-do the [encryption] keys,” Todd said. “You need to ponder it carefully.”

Paying small ransoms may also help frustrated security bosses avoid a browbeating from higher-ups who are more concerned with resuming business than examining the forensic evidence in the midst of an attack. Forfeiting $500 to hackers could hasten that process, and give the chief information security officer an out with his or her boss.

“Being cyber resilient just means being able to explain yourself to shareholders when something goes wrong,” said Roberta Sutton, who founded RAS Enterprise Risk Management services after working with insurers. “We got breached all the time [in the past] but we never reported them because [hackers] never walked out with any of the data, at least that we could tell.”
=================================================================
As a preventative measure the SED management solution from Wave and SEDs typically would be much more effective to use than waiting for a possible ransomware attack. And as indicated in the previous post, future ransomware attacks could be very much underestimated by the market. The cost of SED management and SEDs is reasonable and the benefits from the SED management with SEDs stopping ransomware are very high. The Wave SED management solution has many other benefits as well (see below). Wave has the added advantage of being able to manage SEDs/TPMs with many different manufacturers. I believe that having that capability under Wave is unique and very beneficial to a prospective client.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management

Enterprises choose Wave to manage SEDs

Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.

SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.

Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.

Easy proof of compliance

Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. Wave provides secure audit logs to help you demonstrate compliance.

If you lose a device with a Wave-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.

No vendor lock-in

SED technology was created and standardized by a consortium of the best in the infosec industry, a standards body called the Trusted Computing Group (TCG). This means you can buy your drives wherever you want, from whatever vendor you want—any SED built to the TCG’s Opal specification can be managed by Wave.

No SEDs yet? No problem.

If your organization hasn’t yet deployed SEDs, you can skip the process of retro-fitting and simply incorporate SEDs on all new laptops as part of your regular refresh cycle. In the meantime, the same Wave console can manage BitLocker and SEDs, so you can protect the devices you have now with BitLocker and add those with SEDs as they are deployed. And if you’re using Wave’s cloud platform, you can also support OSX FileVault2.

Pick your platform

Wave SED management is available via the cloud or on-premise servers. Ask us for more details about which platform is right for your deployment.

Key Features:

Easy security compliance
• Active monitoring, logging and reporting of all user and device events

Data protection
• Local changes are prohibited
• Drive locking is supported in sleep or standby (S3) modes
• Manage clients inside or outside the firewall and on non-domain machines

Simplicity
• Everything is automatically encrypted—users don’t have to identify which data is sensitive
• Windows password synchronization and single sign-on
• Add or remove users remotely
• MMC snap-in is familiar and easy—less administrator training
• Role management allows delegation of tasks with customized or predefined roles.

No compromises
• Encryption is completely transparent to your users—they won’t even notice it's there
• Customizable pre-boot message at authentication screen
