General question
If a company pays a fee to a ransomware organisation, is that company guilty of knowingly aiding and abetting criminal activities thus making itself liable to criminal prosecution?
CDW, one of the largest resellers on the planet, will have its data leaked by LockBit after negotiations over the ransom fee broke down, a spokesperson for the cybercrime gang says. Speaking to The Register, the spokesperson, who uses the alias LockBitSupp, implied that during negotiations CDW offered a sum that was so low it …
The answer may vary by jurisdiction. There's a good Pinsent Masons article on this that any search will pick up. It is illegal in the UK if the demanding entity is on the OFSI sanctions list, my guess is that the ransomware gangs are sufficiently ill defined there's no prospect of proving a ransom was paid to a sanctioned entity.
I would think though that shareholders would have a case for breach of fidiciary responsibilities if directors pay a ransom - after all, it's then the directors spending shareholders money to sort out a mess caused by the directors failure to secure the data with which the company has been entrusted.
When not nicking stuff do they post cat videos? Recipes? Amazing how they stay up when useful stuff like Wikileaks got taken down.
Imagine if dodgy geezers in the past had had blogs. Peter Sutcliffe could have reviewed his murders and offered tips on dodging the old bill. Saddam could have had a gallery of potential human shields and asked users to vote on which ones to use. The official French Revolutionary blog - which would have changed hands quite frequently - could post Guillotine videos to scare the Aristos.
If I got a responce like this:
Its automatic email reply reads: "Thank you for contacting CDW. Your inquiry has been received and will be reviewed. Should there be a fit or an interest in engaging further, we will be in touch as soon as possible."
it would be "BURN BABY BURN"
you are not worth saving so I wont phone the fire service.
Ironically if you search for CDW ransomware attack, along with headlines such as this Reg article, you get a bunch of results from CDW's own blog such as :
- How to Increase Your Ransomware Recovery Capability - Work with an expert partner to learn how your organization can better prepare to recover from a ransomware attack
- Fend Off Ransomware with a Cybersecurity Recovery Program
- The Anatomy of a Ransomware Attack: 7 Steps to Prepare ...
If nothing else, this incident will somewhat dent their credentials as a trusted cyber security partner I would think. In a similar fashion to the way the house robots dent the amateur entries in robot wars ...