Data Privacy Detective

Ransomware. It’s in the headlines. It’s digital organized crime across borders.

When an organization’s IT system freezes with its data locked by a ransomware gang, what happens? Ransom is demanded, and ransom often gets paid. But how does this work?

In this podcast episode, Bill Repasky, attorney with Frost Brown Todd LLC, shares key insights on the process of negotiating with ransomware criminals. They want payment in cryptocurrency. Victims want their data and systems restored. This becomes a business transaction. But not a typical one.

Ransomware strikes in 2021 involve highly sophisticated criminal syndicates. To them it’s about the money. When they strike a target and freeze the organization’s ability to operate an IT system, they reveal their digital identity and dictate how to send a ransom payment. The target may be willing to pay – but should do so only after negotiations to ensure that the payment will accomplish two essential objectives – (1) providing a decryption key to unlock the encrypted data and restore the IT system’s operation; and (2) ensuring that the data has not been taken (exfiltrated) by the criminals, or if it has, to have it returned with no copies kept by the criminals. The victim organization should check before making payment to be certain it does not violate U.S. sanctions laws by paying a group or person listed on the OFAC list. See Specially Designated Nationals And Blocked Persons List (SDN) Human Readable Lists | U.S. Department of the Treasury.

Successful conclusion of a ransomware attack requires expertise, patience, and insight. Learn how it’s done, pitfalls to avoid, lessons from past victims.

If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

What is Data Privacy Detective?

The internet in its blooming evolution makes personal data big business – for government, the private sector and denizens of the dark alike. The Data Privacy Detective explores how governments balance the interests of personal privacy with competing needs for public security, public health and other communal goods. It scans the globe for champions, villains, protectors and invaders of personal privacy and for the tools and technology used by individuals, business and government in the great competition between personal privacy and societal good order.

We’ll discuss how to guard our privacy by safeguarding the personal data we want to protect. We’ll aim to limit the access others can gain to your sensitive personal data while enjoying the convenience and power of smartphones, Facebook, Google, EBay, PayPal and thousands of devices and sites. We’ll explore how sinister forces seek to penetrate defenses to access data you don’t want them to have. We’ll discover how companies providing us services and devices collect, use and try to exploit or safeguard our personal data.

And we’ll keep up to date on how governments regulate personal data, including how they themselves create, use and disclose it in an effort to advance public goals in ways that vary dramatically from country to country. For the public good and personal privacy can be at odds. On one hand, governments try to deter terrorist incidents, theft, fraud and other criminal activity by accessing personal data, by collecting and analyzing health data to prevent and control disease and in other ways most people readily accept. On the other hand, many governments view personal privacy as a fundamental human right, with government as guardian of each citizen’s right to privacy. How authorities regulate data privacy is an ongoing balance of public and individual interests. We’ll report statutes, regulations, international agreements and court decisions that determine the balance in favor of one or more of the competing interests. And we’ll explore innovative efforts to transcend government control through blockchain and other technology.

If you have ideas for interviews or stories, please email info@thedataprivacydetective.com.