EPISODE 69
More Reasons to Not Pay Ransomware Demands

EP 69: More Reasons to Not Pay Ransomware Demands

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

December 22, 2020

We have some insightful updates on ransomware trends, along with an OFAC reminder from the US government, to give you yet more reasons not to pay cyber-attackers who encrypt your data. Learn with Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

Tags:

Episode Transcript

Kip: Hi, I'm excited to share that we have a new, free bonus just for you.

Jake: We've started publishing our very own quarterly Cyber Risk Management Journal. It's loaded with over 30 pages of useful content taken directly from our podcast. Here's how we make each new edition.

Kip: So we start by transcribing the four or five episodes that we've published in the previous three months.

Jake: Next, we send our editor and designer the transcripts and our supporting materials for those episodes.

Kip: Then they revise all the text. They put clickable links in for all the resources and they create the best look and feel for each episode.

Jake: And finally we, Kip and I, make sure the finished PDF is ready for you.

Kip: So download the current edition now. All you have to do is b.link/crmj. That's the letter B dot L-I-N-K forward slash C-R-M-J.

Jake: And if you like it, share it with your friends and encourage them to subscribe the Cyber Risk Management Podcast. Now on with the show.

Speaker 3: Welcome to the Cyber Risk Management Podcast. Our mission is to help you thrive as a cyber risk manager. On today's episode, your virtual Chief Information Security Officer is Kip Boyle and your virtual Cyber Security Counsel is Jake Bernstein.

Visit them at cyberriskopportunities.com and focallaw.com.

Jake: So Kip, what are we going to talk about today?

Kip: Hey, Jake. Well today we're going to return to one of our favorite topics to rant about. And of course, that's ransomware. And what's the rant? Well, the rant is don't pay the ransom. But today we're going to give you some important updates on ransomware trends, a new government action that is actually going to give you even more reasons not to pay.

Jake: This is great, Kip. This is a major issue for both us, I think. And for some reason, well not for some reason, the COVID-19 pandemic has really caused a spike in ransomware activity. And whether it's directly related to COVID is impossible to say, but no matter what, we know that the ransomware activity is way up.

Kip: It's way up. And some of the data that I've been looking up is suggesting that one of the reasons it's way up is because of a poorly secured remote access systems which are now becoming a major vector of ransomware delivery.

And why are they poorly configured? Well it's because a lot of organizations enabled a 100% remote work force overnight or back in the spring thinking that it was only going to last for a while. And now it looks like it's going to last for a long time. But they haven't gone back to clean up their quick and dirty implementations. So that's what I'm seeing.

Jake: Yeah, and that would do it. And I think one of the overall themes of our podcast is really summed up by the title of your book, Fire Doesn't Innovate. And the fact that cyber is a dynamic risk. And I think this shows, more than anything, just what we mean by that.

This is illustrative of that point because what we're seeing is the bad guys, the world just had an unprecedented event that caused, as you said, work from home to be implemented virtually overnight.

And it didn't take the bad guys very long at all to adapt to that new reality. And that's what why we're seeing this is this is really just an adaptation and proof and evidence of cyber as a dynamic risk.

Kip: Yeah absolutely. When I talk to senior decision makers at companies that I work with, I liken these cyber attackers to a competitor because it's a similar enough thing for a senior decision maker to find out when they start looking at their news feeds in the morning that new competitor has emerged.

And maybe that person has just launched a brand new product and it makes your product seem not as attractive anymore. And so now you've got to innovate your products and services so that you can keep up with your competitors.

And I think that's a much better mental model for thinking about cyber attackers and how they innovate these days. I think it's way more useful than to call them hackers because the mental model that people seem to have for a hacker is going to be David Lightman from War Games, 1983 Hollywood movie. Or maybe the guy from-

Jake: Mr. Robot.

Kip: Yeah, Mr. Robot, Elliot Alderson, thank you for giving me the assist there. Again, a young man who is socially disaffected and that just came out. Like that series just came out. But you really, I mean other than the fact that the circumstances are, the setting's a little different and the technology's different.

I mean it's basically the same story and it hasn't changed since 1983. So yeah. So when you think about ransomware, think about a competitor. Don't think so much about a hacker and I think it will help you.

Jake: It will. And I think that's a really good point. And I think one of the reasons that we're doing this episode is that we're both really concerned about the number of people who are paying, but also about the number of people who are beginning to think of ransom payments as just another cost of doing business.

And I think that's one of the most dangerous developments in ransomware. And the reason is that there's a lot of reasons not to pay, but what would you say, Kip, in your mind, is the biggest single reason not to pay a ransom?

Kip: Well, so as I thought about our episode today, I wanted to acknowledge something before we really start to dig into this which is when I was going to college, I took a microeconomics course and I took a macroeconomics course.

And I enjoyed those courses. And what it informs me about this issue because I think most people when they're faced with a ransomware attack. And the question of whether they should pay or not, I believe that they're thinking in an microeconomic way which is how does this affect me? How do I get out of this as fast as possible?

And even the insurance companies are taking a very microeconomic approach to this. They're concerned about their insurance models that say we have to collect this much premium in order to be able to pay out this many claims.

And they're trying to balance that algorithm. And so it's all very self centered and self focused. But there's a macroeconomic perspective here that I don't hear a lot of people talk about which is super important.

And so when I think about reasons to not pay, most of those reasons are in the macroeconomic setting, although there are some microeconomic items as well.

So I just want to acknowledge that there's at least those two different ways of looking at it. There's probably other ways of looking at it and we'll talk about that.

But I think one of the biggest reasons why you shouldn't pay ransom, and this is a microeconomic-esque way of looking at it is you're not always going to get a key, right? You give them the money and they're not always going to deliver a key after they collect the payment.

And we're seeing this more and more. And so you just can't be sure that you're going to get an easy button solution to this.

Jake: And I think that's part of the risk. I think for me the single biggest reason not to pay is that it encourages more ransomware.

Kip: Well, right. And that's more of a macroeconomic thing, right? That's a bigger picture thing. That's more of a, you might want to say, well that's an online community way of thinking about it, right?

Like how does my individual decision affect the online community? And when we talk about things like protecting the environment of the earth, right? There's the pretty famous saying like think globally, act locally. Well I wish we could import that saying into this conversation because you're absolutely correct that so what's going on?

You make your payment. Let's say you get the key. You decrypt your data and you're back in business, right? And so for you, this just became another business expense, right? Just another line item.

And so you just want to get back to business. But in the bigger scheme of things, what happened is, and we're going to talk about this later in the episode. We're going to deep dive the bigger geopolitical implications of this.

But the economic implication is that you've just transferred money to an organization that specializes in attacking people. And they're going to use that money just the same way that you use it as a senior decision maker. You're going to allocate some of that to payroll costs. You're going to allocate some to rent for your facilities.

And just think about all the different expense line items that you are using revenue to satisfy. Well, the attackers are doing the same thing. And one of the things that they're doing with that ransom money is they are funding research and development.

Don't think for a second that they do not have a sophisticated laboratory full of all the commercial products that we use to try to keep them out. And that they are testing them day and night to find out their weaknesses so that they can exploit them.

They're watching us. They're watching us create work from home programs on a moment's notice. They know exactly which products we use to do that. And don't think that they don't have a laboratory where they are constantly firing digital bullets at all these products that we use to figure out how to get in.

So you're funding more attacks, that's how it happens. And their cost of goods sold is pretty low. They're working in countries where the labor rates are not that high. And they're not paying taxes, by the way.

Jake: Something that just occurred to me as you're describing this is I wonder if we're doing ourselves a slight disservice by thinking of these criminals as businesses. And the reason I bring that up is I'm thinking what is the fundamental core reason that we don't negotiate with terrorists, right?
That's a federal government level decision that has been made for a very long time. And the reason is actually not that ... It's pretty simple. If you negotiate with one terrorist, you create in other future terrorists the idea that oh, the government, they might actually negotiate with me.

Kip: Right.

Jake: And the problem with doing that even once is that you actually do encourage more terrorist attacks. And we need to, while you are 100% right that ransomware purveyors should be looked at competitors and R&D like a business, I don't want to lose sight of the fact that fundamentally, they're actually just terrorists. They're criminals.

Kip: Right, they're extortionists.

Jake: They're extortionists.

Kip: There's a lot of great levels.

Jake: They're bad people doing a bad thing. And we shouldn't normalize it. And I think a good example of this is a typical consequence of negotiating with criminals which is they lie.

So I can't name names obviously, but we are handling a recent ransomware attack. Really what we're handling is the aftermath.

Kip: So your law firm is, right?

Jake: Yeah, law firm is. And notification and the like. That the victim was ... The bad guys demanded something like 1.6 bitcoin which is not a huge ransom, by the way. But of course, this was a small business and the business says they "negotiated down" to .8 bitcoin which seems like a victory.

Kip: 50%.

Jake: 50%. And well they send the key over. So they pay, they send the key over. The key worked. The key did work. But guess what, Kip? It turns out that 70% of the decrypted files had a second layer of encryption. And they didn't ... Guess what the bad guys said? We want another .8 bitcoin for the second layer of encryption.

And believe it or not, the victim was like, "But we just negotiated for ... You said that you would get this."

Kip: You gave us your word.

Jake: I don't understand this feeling of outrage when you negotiate with a criminal who is holding you hostage and then you're surprised when they don't abide by their word.

Kip: Yeah.

Jake: These people are terrorists. We don't negotiate with terrorists.

Kip: Yeah.

Jake: They're not a business. Yes, they invest money in R&D, but we should not normalize it or think about it. And this episode is designed to give you another really important reason. And I want to talk about that quickly and then we can come back to reactions.

But Department of Treasury, the U.S. Department of Treasury, has a component of it called the Office of Foreign Assets Control, OFAC. And OFAC maintains this big old list. And it's called the Specially Designated Nationals and Blocked Persons List, usually abbreviated as SDN list.

And what it is, is a list of entities and individuals and even whole countries or regions that are basically sanctioned for various reasons.
And the important thing to know is that on effective October 1st, 2020, the Department of Treasury OFAC issued an advisory on potential sanctions list for facilitating ransomware payments.

And this is really targeted not just at the victims who decide to pay ransomware, but also all of the institutions that are responsible for facilitating those payments. Which means, in large point, financial institutions, insurance companies, even cyber security firms that assist with negotiating could fall into this category.

And what OFAC is saying is look, it is illegal to pay money to people on the SDN list. And if you do it, you may actually open yourself up to government sanction. Which means that in addition to paying the ransom, you're going to have to pay a civil penalty to the government for funding national security threats.

And I think this is a huge development. I think one of the things that we have said over time is that the only way you're going to decrease ransomware attacks in any given country is if people in that country stop paying the ransom. Otherwise-

Kip: Right, if there's no market then you can't sell it.

Jake: Right. And again, that's a useful metaphor. But again, I don't want us to normalize this activity as being a product.

Kip: Yeah, I don't either. But we cannot ignore the fact that there are very, very basic market forces in action here. And if we're smart and we pay attention to them without falling into the trap of normalization, I think it can help.

Jake: I agree. I mean I think that's true of a lot of criminal activities though, right? I mean really all criminal activity, particularly organized crime falls into there are basic economic forces. Supply and demand. I mean drugs, prostitution, everything is subject to this.

Kip: Yeah, black market.

Jake: Black market. But I think in some ways, ransomware is most similar to that most ancient of criminal activities, the so called protection payment where you literally send thugs around a neighborhood, demand payment so that people's stores don't get destroyed or damaged.

Kip: Yeah, it would be a shame if this nice restaurant should have something to happen it.

Jake: I mean isn't that truly what ransomware is, just high tech?

Kip: It is. Yeah, it absolutely it is.

Jake: It is. That's what it is.

Kip: And people have heard me say this, right? This is like Tony Soprano gets digitally literate, right? And puts his gang on the internet. It's the same thing digitized.

Jake: It is. It really is. And I think that because of the sanitized distance that the internet creates, I think it really boosts the misconception that this is just the cost of doing business. And I see that ... You mentioned something about insurance companies looking at it as a microeconomic level.

And I think nowhere is that more true than with some insurance companies response to ransomware which is they will prefer to pay a ransom in order to avoid a business interruption insurance claim.

Kip: Right, right.

Jake: Which from a purely microeconomic level makes a certain amount of mathematical sense.

Kip: Would you rather pay a million dollars? Or would you rather pay 40 million dollars?

Jake: Exactly.

Kip: I mean when you strip it all down, right? That's what that option is, that microeconomic option. And so yeah, I get that. Now I want to point out something that I think is super helpful here. Although I'm not trying to legitimizing the cyber attackers, it is so helpful to put faces and names to them.

Because I think you asked a question earlier on, why is it that somebody who negotiates a ransomware payment gets stunned when the criminal, the attacker doesn't abide by the agreement, right?

And I think part of the reason is because you never see them, right? There's no face. You don't really know who you're dealing with. It feels very antiseptic. And it's like going to an ATM and just getting some money out.

And so you just, the whole personal element is missing. Because I guarantee you that if people were coming into your storefront with a gun and said, "I now have control over all your computers, slide a million dollars across the counter and I'll give it back to you." The howls of outrage would be heard everywhere.

But because this happens over the internet and it's fairly anonymous, there's just a completely different reaction. But I love-

Jake: I think that's a good point.

Kip: I love in the letter, in the Department of Treasury letter dated October 1st which you've just been talking about, there's a section in there. And it's called OFAC Designations of Malicious Cyber Actors. And it's on page two and I love this because it actually talks about specific named either individuals or groups that are conducting cyber attacks.

And it talks about when those people were put onto the do not do business with list that we've been talking about. And so I would encourage people to go and take a look at this because first on the list is our good friend the Millennial Mobster Bogachev.

And Bogachev is a guy who lives in a country that has no extradition treaty with the U.S. He's stolen over 100 million dollars from banks. And he's the guy behind the crypto locker virus.

Jake: Which at this point is ancient history.

Kip: It is ancient history although it has progeny, right? There's other strains of malicious code going around now that are based on that.

But December 2016, right? So over four years ago. Then there's a ransomware called SamSam that actually targeted the city of Atlanta, the Colorado Department of Transportation and so forth.

Well that was attributed to Iranian hackers, right? So there you go. There's a couple of faces to that one. WannaCry which spread in 2017, well that was Lazarus Group which is North Korea.

And I really want to focus on this because why is North Korea propagating ransomware? It's because they have been economically isolated but they need money to continue to develop their nuclear weapons program.

When you get ransomwared and you want to pay the ransom, you need to realize that there's a chance that you are actually sending money straight into the North Korean treasury which will then be turned around and used to develop nuclear weapons which will be then used to threaten western countries or anybody they don't like. So there's a real connection here to really bad things.

Jake: Yep, and don't forget about Evil Corp.

Kip: Yeah.

Jake: Evil Corp is a Russia based cyber criminal organization. They were listed in December 2019 based off the development and the distribution of the Drydex malware. And I think, I like the idea of adding names and faces to these ransomware things.

Because you're right. If you're on the internet and you just get a ransomware attack notification, it can almost feel like well, this is just a part of using computers in the modern world.

Kip: Yeah, like this is your notification that you need to resubscribe to your malware lists, right? To keep your anti-malware thing going. Or hey you need to install this security update. I mean it just feels like any other random notification that just pops up on your screen.

Jake: Exactly. And I think that this OFAC guidance, which by the way just so people are clear, this OFAC memo is specifically not a change in the law or nor does it have the force of law. What it is, is a warning. It really is a warning that says look, we have this power. We've been using it. We will use it more. We don't want you to fund our national, threats to national security. And this is the process we have in place to help prevent that.

Kip: Yeah. So I really applaud this. I think this is good. I know it's going to cause a lot of disruption for people because I totally understand the urge to just pay the ransom and get on with it.

But you know what? There's lots of people who have chosen not to pay the ransom for various reasons and they get on with their lives anyway.

Of course, the best thing, right, is to have ransom proof data backups so that the whole thing is moot, right? And I want to spend a moment unpacking a little bit like some other very, very specific, tangible reasons for why you should not be paying the ransom.

Like some of the things that can happen to you, we covered one case, right, where you pay the ransom and then you get a key but then it turns out you have to pay to get another key. That's one variation of something that could happen to you.

But there's other things that could happen to you if you pay the ransom. And there's some things that can happen to you even if you do pay the ransom that are not good. So it's not as clean of a situation as you might think it is. Pay the ransom, get back to business. It's not that simple. So Jake, can I walk through some of these things?

Jake: Please do.

Kip: And you can weigh in, right?

Jake: Let's get some ranting and raving on this, yes.

Kip: Okay. So all right. So I went off and I found Proofpoint State of the Phish report which came up this year. And they did some research on ransomware infections. And I should also mention before I go into this that there's another report out there from Coalition which is an insurance company. And they did research too.

And they saw that ransomware attacks grew by nearly 50% in 2020 in the second quarter compared to the first quarter.

So think about that, right? First quarter, January, February, March. Second quarter, April, May, June. That's when everybody was slamming remote work from home programs into place, 50% increase in ransomware attacks, right? So just I want to put a number on that.

But here's the thing, Proofpoint. So they found that more than 50% of people who had a ransomware infection decided to pay the ransom. So more than 50%. They didn't say what the actual percentage is. But more than half, right?

And according to their data, 70% of the people who paid got their data back. That is the decryption keys work.

Now I ant to stop right here and say that cyber attackers are super smart. They will get into your organization days or weeks ahead of pulling the trigger on the ransomware attack.

One of the things that they do while they're in there, aside from compromising your data backups, is they're going to research your finances. And they're going to discover how much ransom you can actually afford to pay.

And they're going to know, without a shadow of a doubt, how much cash you have on hand, how much you have in accounts receivable and any other access to liquid assets. They're going to know all that when the ransom demand comes.

Jake: But why is that important, man? Why is that important for the ransom demand, Kip?

Kip: Because when the ransom demand comes and you think you can negotiate with these folks and that you can faint destitute finances, it's not going to work, right? They're going to know and you are going to have no leverage in that negotiation.

Jake: Well and let me again briefly interrupt and explain the other reason that I was thinking of when I asked that question which is it's very similar to, it's really no different than the calculus you have to do when you're in a lawsuit or when you're a regulator and thinking about imposing fines and penalties or seeking money.

If you create what I call bet the company litigation risks, then you've really provided every incentive to just fight and zero incentive to settle.

And the ransomware, these ransomers are really just doing the same thing. They're looking for the number that you will actually consider paying that is not so low that they're not going to make enough money off of you, but that isn't so high that you're going to really dig in.

And I mean it's a really basic negotiating strategy for certain things is that you just can't ... If someone were to ransom my personal computer and say, "Give me 10 million dollars or you're never going to get your data back." That isn't even a ... It's pointless, right? Like I don't have 10 million dollars as an individual to pay for my computer, right? It's just not going to happen, right?

Kip: Right, it's not a credible threat.

Jake: It's not a credible threat. I mean or even if it's real, I mean there's no chance they're going to get paid, right? It's not possible. But if they say, "Give me 500 to unlock all your family photos that you've kept foolishly on this single hard drive without any backups." Honestly I would consider it, right?

Kip: Right. If you had-

Jake: I really would. And that's old school ransomware where they targeted individuals. Now they're obviously going after much higher value targets, but it's the same, exact principle, right?

Kip: It's really funny for me to sit here and think about the good old days when it was just attacks against individuals and 500 dollar, 300 dollar payments. I mean that's what it was.

Jake: Yeah, well how quaint, right? How quaint?

Kip: Yeah, yeah.

Jake: And is it any surprise that they figured out gosh, why are we wasting our time on individuals and 500 dollar ransoms when we can infect a hospital network?

Kip: Right.

Jake: And people will die unless they pay the ransom.

Kip: And people have died.

Jake: And people have died if-

Kip: And we've got a recent news story about the German police that have filed manslaughter charges against a John Doe because there was a patient that was redirected in an ambulance from a hospital that had been crypto locked. And then that patient died before they could reach medical services at a different hospital.

Jake: And we're fooling ourselves if we think that's not going to happen over and over and over again.

Kip: Right, well think about it, right? So there's a trend here. There's a trend of attacking individuals. Now there's a trend of attacking organizations. I mean this trend is going to continue, right? They're going to keep figuring out new ways to compromise us and then jack up the ransoms and really get us in trouble.

Let me tell you. Back to the Proofpoint State of the Phish report. Let me tell you what happened to the 30% who paid the ransom and didn't get their data back, right?

So 22% of those people never got access to their data. So they paid the ransom and that was it. Like there was no second demand. They didn't even get a percentage of their data back the way you described in the case that your law firm is handling right now.

Some of them paid the ransom and then got a second ransom demand which is what you talked about. Some organizations paid the second ransom demand and got access to their data. But most organizations walked away with nothing at this point because they refused to pay a second ransom and so that's where they ended up.

Now so those are some of the things about that can happen if you get an attack and you decide to pay. Some of the down sides of paying, right?

But even let's say you pay the ransomware purveyors are completely honoring of their agreement. They return a key to you. You unlock everything. Here's the thing. You don't know that those attackers are off your network. You have no way to know, right?

Jake: You have to assume they aren't.

Kip: ... That they're gone. You have to assume that they're still there, right? That just because they've given you a key to unlock your data doesn't mean that they've released their grip on your network. However they got in there the first time, you don't know that they've all of a sudden said, "Okay, we're out of here. Go ahead and lock the doors. We'll never come back."

You don't know that they didn't take all the sensitive data that they can get their hands on. Because let's think about it, they had full access to your data in order to encrypt it.

Jake: Full access. They had full access.

Kip: That means full access.

Jake: Full access to your system which means they could have easily installed the back door as well.

Kip: That's right. So they can take your data with them, either before you pay the ransom or after. So you've lost control over all your data. You don't have full control over your network even though your data is now unencrypted.

You have no guarantee that they won't be back for another round of attack, especially if they have access to your network and they watch you and they watch your finances recover, they'll come back next year. Tony Soprano would. Scarface would, right? Why wouldn't these guys?

Jake: Well look, I mean protection payments are not a one time thing.

Kip: No.

Jake: I mean that's the whole point of protection payments is they get you and then they stay.

Kip: That's right, that's right.

Jake: If you stay and show a willingness to pay that protection racket, you're on the list. And you just continue to stay on the list. And I think-

Kip: You've given the bully your milk money. That bully will be back.

Jake: I mean maybe we just haven't ranted about this enough as in a profession, but like really people do not pay the ransom.

Kip: inaudible

Jake: And here's the thing that really gets me is that obviously this whole podcast is about cyber risk management. And I understand how difficult it is. We really do get how hard it is to manage all conceivable cyber risks.

And we understand too that malware protection is hard. The thing about the ransomware epidemic is that it's one of the few forms of cyber attack that there's almost no excuse to not be at least somewhat prepared. Backup. This is largely a backup strategy, an execution problem.

And it is you don't even really need to worry about the bad guys. This is all on us, right? We could with discipline make ransomware, at least the current strains of ransomware, fairly ineffective.

Now obviously the bad guys know this. As we say, it's a dynamic risk. If enough people have good enough backup strategies, then as we just said, this malware already has full access to your systems in order to run its encryption protocols.

They'll just change what they're doing. Ransomware was simple. It was straightforward. We're going to see, I'm sure we will see future ransoms that we different.

In fact we already have, right, Kip? There's already examples of ransomware strains that encrypt but they ex-filtrate before they encrypt which means that the bad guys say, "Hey look, here's the ransom demand. Now be aware that if you don't pay in order to get the data back, we're going to release it."

So now you've got an even harder choice. And these are harder. I fully admit that those are harder situations to deal with. And they are, in many ways, qualitatively different than a "simple" ransom only type encryption.

But this episode is starting to run long so we should go ahead and stop.

Kip: Yeah, well I just want to wrap up with one more thought which is, and you've broached this just a moment ago. How do you stop ransomware attacks from ever happening?

Well one of the things very clearly is you need to have ransomware resistant data backups. But actually back on September 29th, we actually did an episode of our podcast. And it was a quick look at the essential eight mitigations from the Australian Signals Directorate.

And that is the best way that I know and is what I recommend to all my customers, that's the best way I know to decrease the risk that any malicious code is going to get on your network, not the least of which would be a ransomware piece of malicious code.

So that's what I think people need to start doing is making the delivery of a piece of malicious code on your network irrelevant. Like the fact that that file is there doesn't mean anything because no computer on your network will actually run it. That's, I think, the Holy Grail here. I don't think it's that far off for people who are committed.

Jake: I think that's great.

Kip: So in the next episode, we're going to dive a little deeper into the Coalition report that I mentioned. And we're going to look a how ransomware is now a top cyber insurance claim. And we're going to unpack that a little bit more so that we can understand what's going on there. And that wraps up this episode of the Cyber Risk Management Podcast.

And today we went on a ransomware rant as we are want to do. To explain again why nobody should pay these ransoms, thanks for being here and we'll see you next time.

Jake: Yes, and we'll do it again as necessary but we'll see you next time and it's for the time being.

Kip: Yeah, all right, see you.

Jake: Bye bye.

Speaker 3: Thanks for joining us today on the Cyber Risk Management podcast. Remember that cyber risk management is a team sport so include your senior decision makers, legal department, HR and IT for full effectiveness. So if you want to manage cyber as the dynamic business risk it has become, we can help.

Find out more by visiting us at cyberriskopportunities.com and focallaw.com. Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).

YOUR CO-HOST:

Jake Bernstein

  Newman DuWors LLP

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.