
If you wanted to, could you pay the ransom for a cyber attack?

04 October 2022 08:00


Alison Cripps, Legal Writer – Practical Guidance, Cybersecurity, Data Protection & Privacy


After nearly a week, the details of the Optus cyber attack are still unclear. At one point, it was thought that confidential data relating to 10,000 unlucky Optus customers had potentially been leaked by the now infamous Optus hackers. Passport details, dates of birth, addresses. All data leaked, purportedly in the open. To make matters worse, the hackers behind the Optus data breach were said to have announced that they would continue to leak the sensitive data of an additional 10,000 Optus customers each and every day for the next 4 days unless Optus paid their hackers a ransom of 1.5 million in cryptocurrency for the cyber attack.

That’s a lot of data.

Hackers are often crystal clear about their motivations for hacking. In many cases, they are doing it for ransom. But not the regular cash kind of money that you can stuff in a suitcase or bury in a vault. Hackers usually demand cryptocurrency. Cryptocurrency has obvious advantages for extortionists. The transfer of cryptocurrency allows criminally minded hackers to remain anonymous – likely untraceable. Which is an important requirement for criminal activities!

Organisations faced with a cybercrime like the Optus one are often left having to decide whether to pay the ransom. The ACSC (Australian Cyber Security Centre) advises against paying ransoms. Payment of the ransom may increase an organisation’s vulnerability to future cybercrimes. In addition, there is no guarantee that payment will undo the data breach.

But for a moment let’s imagine that your organisation decides that your hackers are of the honest type (yes – honest hackers. That is actually a “thing”) and that the risks of paying the ransom outweigh the risks of failing to do so. You cannot simply bring in your security experts to arrange a drop (James Bond style) or call the bank for an electronic transfer – you are going to need to make that ransom payment on the blockchain.

Yes. The blockchain... So perhaps it’s not just trading enthusiasts who benefit from prior knowledge about trading on the blockchain.

For more information around the legal implications of blockchain and cryptocurrency, take a closer look at Practical Guidance, Cybersecurity, Data Protection & Privacy.
