[eqvinox]

From a practical viewpoint, the question is simply whether the money multiplied by the chance of success is a better option than the money needed to rebuild.

But I'd rather compare this to a natural disaster you were ill-prepared for. A lightning strike or tornado can also wipe all your data. You can't negotiate ransom with nature. And giving in to ransomware makes it worse for everybody else since it makes ransomware financially viable. IMHO it needs to become socially unacceptable to be ill-prepared for a ransomware attack. I don't care if it was a 0day or whether your security was sloppy. It was your job to be prepared for this.

At CCC events you commonly find a sticker at the exchange tables that reads "Kein Backup, kein Mitleid" - "no backup, no compassion".

But the post makes a good point - you don't need backups. You need restore. Which takes time and is frequently ill planned. Sadly.

[jon-wood]

Ransomware really is the best possible kind of data loss, at least there’s a recovery path built into it.

On three occasions in my career I’ve been involved in events which led to large scale data loss. The first time the backups failed, and there was no recovering from it, ever since then I’m religious about testing backups. If you’re in a position to just restore from offsite backups not only can you just flip the bird to people trying to ransom your data, you’re also in a good position to deal with anything else, up to and including the data centre containing all your servers being burnt to the ground.

[TheJoeMan]

That multiply $ x time is the same argument why the Ford Pinto was shipped with an exploding gas tank - cheaper to pay the settlements.

I don’t think we’ll break this cycle until paying Bitcoin to a Russian Hacking group = Jail.

[eqvinox]

Yeah, I hate the $×t argument because generally it only factors in your $ and t. The impact to others and other secondary costs are frequently not included.

[eqvinox]

Actually — even better point from the post:

> If you discover that the data was corrupted during the encryption process, is it game over?

> Most of the time, yeah. If it’s database files, typically they’re gone.

I hadn't even considered what happens when ransomware tries to encrypt a database while it is in use. That's not gonna end well...

[londons_explore]

The ransomware I've come across has lots of special heuristics to try and not destroy your data... Things like taking a copy and then doing an atomic replace...

[eqvinox]

Admittedly I've only had to deal with ransomware once, trying to help a friend. That one was way too shoddily written for anything like atomic replace or DB identification heuristics…

[splithalf]

I think this is wrong. It’s Bitcoin alone that is the problem. Ransom demands will exist as long as it’s viable money making enterprise. Asking humans to not to be human isn’t usually an effective strategy for anything. The only solution to remove the incentive, the value of crypto. Bonus for the planet since crypto also incentivizes coal burning and other pollution.