I personally think that anything like a breach or ransom situation should be reported and not covered up.<br><br>It's up to the board of the company to decide whether to negotiate or not; you can always weigh in with a recommendation though.<br><br>Also on top of that, if you do engage as a non-director (assuming IT sysadmin role) you're now liable I believe?<br><br>At the end of the day though, it's probably likely that paying will result in more ransoms.<br><br>--Karl <br><div class="gmail_quote"><div dir="ltr">On Fri, 23 Sep 2016 at 12:49, Paul Wilkins &lt;<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Obviously it would be deplorable for anyone in a position of authority (e.g. company directors) to countenance making payments to extortionists. Cyber extortion is a business, and if through the company's and the directors' incompetence they have become exposed, they should suck it up. I'm appalled anyone would actually consider allowing their company's reputation to be drawn within the gravity of a criminal business model. And we won't advise our customers of the breach, no, we'll just quietly keep our heads down and not admit we've exposed customer data to criminal enterprise.<br><br></div>Kind regards<br><br></div></div><div dir="ltr">Paul Wilkins<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 September 2016 at 10:18, James Warne <span dir="ltr">&lt;<a href="mailto:jwarne@vigilant.it" target="_blank">jwarne@vigilant.it</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" link="blue" vlink="purple" lang="EN-AU">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">I used this service called Dr Web to remove the decryption from a friend’s parents’ computer.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Ended up being about $200 AUD and got everything back…
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><a href="https://support.drweb.com/new/free_unlocker/for_decode/?lng=en" target="_blank">https://support.drweb.com/new/free_unlocker/for_decode/?lng=en</a>
<u></u><u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext" lang="EN-US">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext" lang="EN-US"> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Matt Richards<br>
<b>Sent:</b> Friday, 23 September 2016 6:28 AM<br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] Ransomware...<u></u><u></u></span></p>
</div>
</div><div><div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><br>
What's wrong?<br>
<br>
<a href="http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html" target="_blank">http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html</a><br>
<br>
"Yes, the hospital paid the ransom. No, the hackers didn’t decrypt the files—at least it was described as not returning “full access to the files.” Instead, the attackers asked for another ransom."<br>
<br>
That's what's wrong.<br>
<br>
Matt.<br>
<br>
<br>
On 23/09/2016 5:03 AM, Skeeve Stevens wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">What's wrong with negotiating? I've had a couple of customers talk down Ransomware attacks to about half the price.
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">If you need the data (no backup, can't restore), what's the harm in asking?<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><br>
...Skeeve<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">Skeeve Stevens - Founder & The Architect</span></b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif"> - eintellego Networks Pty Ltd</span><span style="font-size:9.5pt"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">Email: </span><span style="font-size:9.5pt"><a href="mailto:skeeve@eintellegonetworks.com" target="_blank"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">skeeve@eintellegonetworks.com</span></a></span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif"> ;
Web: </span><span style="font-size:9.5pt"><a href="http://eintellegonetworks.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">eintellegonetworks.com</span></a><u></u><u></u></span></p>
</div>
<div>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">Cell <a href="tel:%2B61%20%280%29414%20753%20383" value="+61414753383" target="_blank">+61 (0)414 753 383</a> ; Skype: skeeve ; LinkedIn: <a href="http://linkedin.com/in/skeeve" target="_blank">/in/skeeve</a> ; Expert360: <a href="https://expert360.com/profile/d54a9" target="_blank">Profile</a> ;
Keybase: <a href="https://keybase.io/skeeve" target="_blank">https://keybase.io/skeeve</a><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Sep 22, 2016 at 10:58 PM, Kristoffer Sheather @ CloudCentral <<a href="mailto:kristoffer.sheather@cloudcentral.com.au" target="_blank">kristoffer.sheather@cloudcentral.com.au</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Rule #1 - never negotiate with terrorists.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div class="MsoNormal" style="text-align:center" align="center"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<hr align="center" size="2" width="100%">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">: "James Hodgkinson" <<a href="mailto:yaleman@ricetek.net" target="_blank">yaleman@ricetek.net</a>><br>
<b>Sent</b>: Thursday, September 22, 2016 10:56 PM<br>
<b>To</b>: "Michael Bullut" <<a href="mailto:main@kipsang.com" target="_blank">main@kipsang.com</a>>, "Australian Network Operators Mailing List" <<a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a>><br>
<b>Subject</b>: Re: [AusNOG] Ransomware...</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Nuke the machine, restore from backup.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Pub?<br>
<br>
James<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">On Thu, 22 Sep 2016, at 22:45, Michael Bullut wrote:<u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Greetings Team,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Anyone that has succeeded in eradication without sending a ransom? <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Warm regards, <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Michael Bullut.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">---<u></u><u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Cell:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <i>+254 723 393 114.</i><br>
<b>Skype Name:</b> <i>Michael Bullut.</i><u></u><u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Twitter:<i>
</i></span></b><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="http://twitter.com/Kipsang/" target="_blank">@Kipsang</a></span></i><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Blog: </span></b><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="http://www.kipsang.com/" target="_blank">http://www.kipsang.com/</a></span></i><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><u></u><u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">E-mail:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<i><a href="mailto:main@kipsang.com" target="_blank">main@kipsang.com</a></i><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif">---</span></i><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><u><span style="font-size:9.0pt;font-family:"Arial",sans-serif">_______________________________________________</span></u><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">AusNOG mailing list<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><u></u><u></u></span></p>
</div>
</blockquote>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</blockquote>
<p><u></u> <u></u></p>
</div></div></div>
</div>
<br></blockquote></div><br></div>
</blockquote></div>