Holding Documents Hostage Doubles As Nice PR Stunt
from the not-so-surprising dept
This story by the Associated Press seems bound to get a lot of attention, but you have to wonder if it’s really that well deserved. Some company apparently had some documents “held hostage” by a malicious hacker. Somehow, the hacker got onto their system, accessed their documents, and then locked them up by encrypting them. Along with it, he left an email address and a note demanding $200. It makes for a good story (how long until it appears as a storyline on a TV show or a movie?), but it doesn’t seem like that big a deal. First, it seems like an obvious next step for a malicious scammer who has accessed local documents. If anything, it’s surprising this hasn’t happened before. In fact, it probably has, but the AP didn’t find out about it. Second, if you protect your system and back up your data, this seems unlikely to be a problem. Still, now that it’s getting attention, based on one case (where the data was easily retrieved anyway) we’re bound to see more stories about it. Of course, the source of the story is (surprise, surprise) a security firm that is probably thrilled with the publicity. Oh right, that’s how PR works — especially among security companies. You make your name by getting the press to write about some little-known, low risk security situation that sounds scary, and make sure your firm’s name is plastered all over the story.
Comments on “Holding Documents Hostage Doubles As Nice PR Stunt”
My sarcasm filter wasn't sure
Mike, were you serious or being humorous with:
“…if you protect your system and back up your data, this seems unlikely to be a problem.”
You sounded serious, but I laughed my ass off at that. That’s fine for you and me, but an automated worm that did this would be a major problem for people who don’t have their systems properly protected to begin with — see the problem? Those people, most people probably, won’t have decent backups either.
I agree this is FUD hype mostly for now. I’m more worried that as it gets plenty of press it will be self-fulfilling, if it gives people ideas for a ‘better’ virus mousetrap. But if this were unleashed on a large scale, the need to route the money somehow would likely be the authors’ downfall.
Silly news story, but...
If your system is hacked, it’s not just a case of re-installing the backups of your data.
“More often than not, when your machine has been the victim of a cracker’s attack, the best solution is to completely reinstall the operating system, being sure to apply all relevant patches to the machine… I have many times been asked if a complete reinstall is absolutely necessary. The short and simple answer is “yes”. Once a machine has been compromised, there is virtually no way to know everything that a cracker did…”
How to Get Back to Business