Hacker News

chistev, today at 6:03 PM (2 replies)

Coincidentally and interestingly, again, I was reading an old thread from 2015 titled "ProtonMail pays $6k ransom, gets taken out by DDoS anyway".

The top comment says -

"NEVER EVER PAY RANSOM MONEY. Please. Even if your business will suffer it will suffer a lot more if you do pay since now it is known you'll cave. Also: you are making the problem larger for others."

The top response to that comment says -

"From their blog: https://protonmaildotcom.wordpress.com/ At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.

At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it, taking into consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision, so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom."

Full thread here -

https://news.ycombinator.com/item?id=10523583


Replies

ronsor, today at 6:13 PM

Most hackers actually keep their promises if paid the ransom, nowadays.

It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.

ndiddy, today at 9:20 PM

> "NEVER EVER PAY RANSOM MONEY. Please. Even if your business will suffer it will suffer a lot more if you do pay since now it is known you'll cave. Also: you are making the problem larger for others."

These days, companies try to mitigate the reputational harm associated with paying the ransom by instead paying security firms that "specialize in ransomware recovery" and claim to have "proprietary trade secret means of decrypting their clients' files". These firms always just happen to charge more than the cost of the ransom for their services. They then provide a non-itemized receipt, and both parties walk away happy and without having to admit to anything. Here's a good article on this practice if you're interested. https://features.propublica.org/ransomware/ransomware-attack...