Would You Pay Extortionists?

CmdrTaco posts on SlashDot:  “A friend works as CIO at a medium sized publicly traded company. The company was contacted by a hacking group and told to pay $100,000 to prevent their company from being hacked/attacked. They actually paid the extortion (told authorities after). The authorities said the company could be charged with supporting Terrorists. Seeing that most publicly known hacks are costing companies this size nearly a million dollars, Is this supporting terrorists or supporting stockholders?”

What do you think about it?

I’m assuming that there actually was a threat, and not just an email saying “pay up, or else the network gets it.”  How credible was the threat?  Word will undoubtedly spread that they are easy marks, and they can expect repeat visits from the potential attacker and his friends looking for easy hand outs.  I’m also suspicious as to the real where-abouts of the 100k.  Who collected it?  Was it an insider?

Advertisements