Incredibly, this unprecedented situation did occur. An infamous ransomware attack group was anxious to extort funds from its victim and actually reported that its victim had been attacked in order to get them to respond to payment demands. Defending against cyber-warfare is a top priority for organizations. Get the details on this story and helpful tips in this blog.


There are always 3 sides to the coin when the SEC and regulations kick in?

Do you protect the business, stakeholders, shareholders or the business's customers?

Then for the businesses, the same as above applies: does it protect the business, stakeholders, shareholders or the business's customers? And at what cost? What are the penalties?

What if a business does not need to defend against cyber attacks, as it has outsourced the risks to external parties like insurance and/or other defense vendors?


In this case, the irony is that the cybercriminals were using legitimate regulatory frameworks to apply pressure to the company and intensify the impact of criminal activity. SEC disclosure regulations are intended to protect an organization's customers, suppliers and associates by informing them that a cyber incident has occurred, so that they can tighten their own defenses and be on their guard for further criminal activity that could originate from the use of stolen data. Whether having a legal obligation to disclose a cyber attack is a good thing or a bad thing is perhaps a different talking point. Entrusting your entire cybersecurity strategy to a third party is an individual business consideration. The obvious 'what ifs' might be: 'What if your defense or DR vendor was the entry point for malware, or failed to meet their SLA, leaving you exposed?' Or 'What if your insurance vendor determined that your situation was not covered by their policy and refused to pay out?' Unfortunately, both scenarios have occurred in real life. Ultimately, it comes down to a question of risk management and the comfort level a business may have in delegating this critical area, in part or in whole, to someone else.

For SMBs, this may be the only practical option given the sophistication of advanced ransomware threats. But for larger companies, in-house ownership/responsibility and independence seem to be more common.

But there are always 3 sides to the coin?

Take a kidnapping case for a billionaire's child where they are asking $10M in ransom, which is literally spare change for the rich guy. Would he risk calling the police, or just pay the ransom and then call the police later, when he gets his child back?

What if the rich guy bought kidnap insurance where the insurer actually pays the ransom? And the first thing he does after getting the kidnapper's call is to call the insurer instead of the police?

But if they want to wait and see, or do not want to pay the ransom, then publicity may force the ransom to be paid?

Every organization will have its own attitude towards risk and what it is prepared to tolerate or be potentially exposed to. Organizations with large resources will undoubtedly consider the threat landscape differently from those with more limited budgets or specialized staff.