Troy Hunt discusses the growing trend of companies paying ransoms to hackers threatening to leak stolen data. He expresses concern about the normalization of ransom payments and the use of euphemistic language — such as Instructure's claim of 'reaching an agreement with the unauthorised actor' — that obscures the criminal nature of extortion. Grafana recently took the 'no pay' stance, but Hunt observes that 'pay or leak' is increasingly becoming the norm, along with absurd claims like data being 'returned' after payment.