Caesars reportedly paid millions to stop hackers releasing its data | It’s the second Las Vegas casino group to be attacked this week.::Caesars Entertainment reportedly paid “tens of millions of dollars” to hackers who threatened to release company data.
If hackers are gonna extort, I definitely prefer it’s the casinos they’re extorting
I wonder if this is a good decision - you have to be very afraid of the publication of this data to pay millions to blackmailers without being sure that they won’t be at your door again soon.
Removed by mod
So it is because you guys invaded people’s privacy by having data you don’t even need to operate?
Sounds like a sad excuse.
Removed by mod
Sadly this will probably not change unless attacks become so frequent that paying the ransom is more expensive than hiring competent people and teaching them proper opsec.
It’s bound to happen at some point, but I wouldn’t hold my breath.
Removed by mod
Thanks for that Insight, the last time i was in Vegas was about twenty years ago and i honestly had no Idea why a slot machine has to be online.
Removed by mod
User being phished doesn’t leak the company’s database though.
I think “user” in this case means “employee”. Phishing is by far the most common point of entry.
Removed by mod
It’s becoming the standard to just pay the ransom. Many large companies have a cybersecurity insurance policy anyways. Plus on the hackers side, they have a reputation to maintain. If word gets out that a specific group isn’t decrypting after payment, they will be less likely to get paid in the future.
This isn’t a crypto locker hack though where you can verify pretty immediately if they’re going to keep their word by them decrypting your data.
In this case the hackers actually physically have the data and are threatening to make it public if you don’t pay.
There’s no way to verify that they will never release it once you pay them. They could just sit on it for years after getting paid and then come back and say pay up again or they’ll release it.
Which is kinda what’s happening now!
And this is why you don’t negotiate with terrorists.
It also makes you wonder WHO the hackers are.
Are they a national group? A competitor? Another casino?
Or
A foreign government or a foreign entity … which begs the question … if it came to light that it was a hostile government … would it be classified as an act of provocation or even war?
For hacking a casino? A private business unrelated to any US domestic or foreign interests?
Not a chance in hell it would be an act of war. Businesses get hacked by China, Russia, North Korea, and Iran all the time. Hell, China hacked the US Office of Personnel Management and stole the security clearance records for 22 million people in 2015 and even that wasn’t declared an act of war.
If an adversarial government hacking the US military and stealing security clearance records isn’t an act of war, a bunch of rich mobsters having their casinos hacked sure as shit ain’t.
Removed by mod
That, or are very sure that you have deep enough black market connections to shake the thieves down.
Paying these ransoms should just be illegal.
Why?
Incentive. Now it’s a business.
I don’t think it would stop them, but I guess it could be tried.
If it’s important enough people would pay anyway (maybe in a more hidden way but nonetheless would pay).
If they can’t get anything out of it, then they are just wasting their time with the chance of getting caught.
They will stop soon enough.
Yeah… like making it illegal to buy drugs. It always works so well.
well I think we’re all in favor of opening rehabilitation clinics for rich corporations that decide to cut corners.
