Support NeoGAF

[yazenov]

Firstly, it's unfortunate that the incident happened, and our sincere sympathy for the people who were victims of the hack.

This poll isn't exclusively about the Insomniac hack. We have seen many hacks in the past and let's be frank, other companies will face these problems in the future.

What do you think about the company's decision not to pay the ransomware hackers who ransomed the data for $2 million? It is correct or not, given the amount of confidential information floating around the internet now.

Suppose you are the decision maker, would you pay the ransom amount and take the hit financially or deal with the consequences of the leaked information? This is something other companies should think about if the worst-case scenario happens.

 

[Topher]

The more these companies pay, the more they legitimatize ransoms as a business model.

Time for these companies to start taking security more seriously.

 

[X-Wing]

No, I wouldn't.

1) zero guarantee that they wouldn't release the data anyway
2) zero guarantee that they wouldn't sell to someone else next
3) would work as an incentive to these sort of attacks
4) would just reward the hackers for the attack
5) the hack wasn't stopping them from carrying on working


One interesting note: only 98% of the data was leaked. 2% of data was sold, the question is to whom.

 

[Go_Ly_Dow]

Nope. These companies could probably be doing a lot more to thrwart the hacks in the first place.

 

[T-0800]

The internet was a mistake.

 

[BouncyFrag]

This is the way:

 

[Ar¢tos]

No, I wouldn't.

1) zero guarantee that they wouldn't release the data anyway
2) zero guarantee that they wouldn't sell to someone else next
3) would work as an incentive to these sort of attacks
4) would just reward the hackers for the attack
5) the hack wasn't stopping them from carrying on working


One interesting note: only 98% of the data was leaked. 2% of data was sold, the question is to whom.

Hmm
Would Insomniac have the encryption keys and sensitive data necessary to use any hardware/software flaw to jailbreak and increase piracy?
It's not worth as much now with every game requiring an Internet connection, but still, there are a few rare games that release complete and don't require internet.
Some piracy group could be interested in that.

 

[//DEVIL//]

I get ransome emails every day from hackers in my junk mail saying they saw me rubbing one off on cam without me knowing and they want 5000$.

Poor bastard been trying for years. Not gonna pay shit heh

 

[KungFucius]

No. You would get no real guarantee that they didn't already leak the data and you would make yourself a target for more hacks.

 

[Portugeezer]

Ransomware attacks get paid quite often and it's in their interests to be legit when it comes to decrypting otherwise no one would ever pay.

I don't think it was the same thing, data just stolen but was it also encrypted? If it was just stolen, even if you pay there is no guarantee it wouldn't leak. Probably why Sony never paid.

 

[Physiognomonics]

Paying a ransomware for digital data? Insanity. The answer will always be no.

 

[Neff]

Depends how much and what I'd get in return. If the hackers were willing to demonstrably return everything they had and fully disclose how they did it and assist in patching up security on my end, then maybe.

Otherwise no.

 

[Tarnpanzer]

Pay them, but let them show u how they did it. Update ur security.

 

[cireza]

Of course not.

 

[SJRB]

Never negotiate with terrorists.

Someone brought shame and dishonour to your family, Sony. Surely a billion dollar conglomerate has people on standby for these kind of situations. Release the ninja, send in the hit squad.

 

[PharaoTutAnchAmun]

Pay them, but let them show u how they did it. Update ur security.

Heck no...when you pay the hackers you set a president for other hackers, they know that you will pay. Hackers hacking with the purpose to earn money are scum, they must be hold accountable for theyr shitty practice in Court and punished with substantional time in jail.
Paying them is the dubbest thing to do, that you must update your security is a given that will cost you money ofcours. But paying the hackers money and update your security, is dumb.Do you think that hackers will show u how they did it? No they wont....

 

[The Fuzz damn you!]

Who is voting yes to this?

No. Of course not. There are a whole heap of Sony studios who would become prime targets overnight if they did, because “Sony pays out.”

 

[Robb]

Of course not.

 

[Skifi28]

Fuck 'em. Let them leak my nude photos, it's the internet's loss anyway.

 

[kvltus lvlzvs]

Should have just paid for a few extra infosec staff instead of the additional hr karens and middle management

 

[Hudo]

Nah. I'd use the Valve tactic and ask them to come in for an interview because it'd be cool to have them employed as security. Even offer them to get them a green card etc. Have them arrested as soon as they land.

Bonus: Spread a rumor in their prison that they're involved in CP.

Merry Christmas, everyone!

 

[Denton]

You don't negotiate with terrorists, you kill the terrorists.

 

[DJ12]

No, feel bad for the staff that had their details leaked, but if it was paid they'd be getting attacks every couple of weeks.

Heck the people who stole the information would probably sell it on to the next bunch of chances anyway, so they don't even need to send some sap a "click here to see big tits" email

 

[diffusionx]

I said it in another thread but yea I think they should have paid it. This leak is really brutal by leak standards, there's a frigging playable build of Wolverine people are playing right now. I don't remember anything like that since Half-Life 2. I think the PR and strategic hit of this leak goes far, far, far beyond $2 million and no, the hackers would not "release the data anyway" because, well, that's not how ransoms work and they want companies to pay it.

 

[ahtlas7]

Yes, meet them in a dark alley for the payment then Hoffa them.

 

[Topher]

Has all this criminal corporate ransom bullshit been made possible by cryptocurrency?

 

[AlphaDump]

/double post

 

[AlphaDump]

Hmm
Would Insomniac have the encryption keys and sensitive data necessary to use any hardware/software flaw to jailbreak and increase piracy?

I have no idea what you are trying to say, but I'll just save you the time and say no.

Has all this criminal corporate ransom bullshit been made possible by cryptocurrency?

Yes, absolutely.

 

[X-Wing]

I said it in another thread but yea I think they should have paid it. This leak is really brutal by leak standards, there's a frigging playable build of Wolverine people are playing right now. I don't remember anything like that since Half-Life 2. I think the PR and strategic hit of this leak goes far, far, far beyond $2 million and no, the hackers would not "release the data anyway" because, well, that's not how ransoms work and they want companies to pay it.

Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back

New ransomware research reveals that you really can't trust a criminal.

www.forbes.com

The Sobering Truth About Ransomware—For The 80% Who Paid Up

Newly published research of 1,200 organizations impacted by ransomware reveals the sobering truth that awaits many of those who decide to pay the ransom.

www.forbes.com

This company paid a ransom demand. Hackers leaked its data anyway

It's always recommended that ransomware victims don't give in to ransom demands - and this real-life case demonstrates why.

www.zdnet.com

Ransomware victims are paying up. But then the gangs are coming back for more

Cybersecurity experts warn against paying ransoms - this is why.

www.zdnet.com

 

[Tams]

No.

I'd send them nudes and threaten to continue to do so until they backed down. If they tried again, I'd threaten again.

 

[Icymanipulator]

Absolutely not

 

[jroc74]

Hell no.

 

[Josemayuste]

Nope, if you pay you're setting a precedent to other hacking groups.

 

[lh032]

thats like asking whether a women should pay her ex for not sharing out her noods

 

[SHA]

To make copycat games? it's so stupid to even think they could runaway with this on any platform they pick, the code for every game is already visible to the big 3, steam and mobile stores, seriously, they can't runaway with this and make tons of money out of it, they're the gatekeepers, no one should underestimate them, hacking is child play to these guys.

 

[FunkMiller]

The second you pay, you not only hugely increase the chances of it happening to you again, you also increase the chances of it happening to others. There simply is no justification for paying. There's no upside at all.

 

[Aenima]

Thats like give the hackers a prize for the job well done. Now plz hack me again in the future so i can pay you again. And tell your friends they might want to try hack me too.

 

[King Dazzar]

No.

I'd send them nudes and threaten to continue to do so until they backed down. If they tried again, I'd threaten again.

Good tactic. They'd need therapy for life if they saw me naked.

 

[poppabk]

I would say don't pay. The number of financially motivated hackers that will be discouraged likely outweighs the notoriety hackers that will be encouraged by the publicity this created.
That GTA6 hacker dude though is probably already probing Sony security using the hacked smart thermostat in his padded room.

 

[Unknown?]

No I'd ask for the payout first. Then I get 2 million for the company and makes their data worthless.

 

[ZoukGalaxy]

Never, it will just make things worst and send the message "hack me if you want money".

They just should reply this

 

[StreetsofBeige]

Yup. it's not like $20M worth of bitcoins is budget busting. Now if the hackers asked for $200M or $2B that'd be different. But when some important product road maps, confidential financials and employee data are help hostage, it goes to show Sony didn't think all these leaks were worth $20M. Then again maybe they didnt know what was breached and they called their bluff the hackers had nothing important to leak (or had zero to leak).

My old colleagues who work at companies that got hacked, one guy said the company paid them. Dont know how much as the only public thing released was some business articles saying the company got breached. No confidential info was dumped on the net from hat I saw r heard from my buddy, nor did any articles say how much they even paid.

And that company is way smaller than Sony. So even they paid. And it's not like their products are hyped up roadmaps for games. If their roadmap of products was leaked, i dont think anyone would even care.

 

[cireza]

Yup. it's not like $20M worth of bitcoins is budget busting. Now if the hackers asked for $200M or $2B that'd be different. But when some important product road maps, confidential financials and employee data are help hostage, it goes to show Sony didn't think all these leaks were worth $20M. Then again maybe they didnt know what was breached and they called their bluff the hackers had nothing important to leak (or had zero to leak).

My old colleagues who work at companies that got hacked, one guy said the company paid them. Dont know how much as the only public thing released was some business articles saying the company got breached. No confidential info was dumped on the net from hat I saw r heard from my buddy, nor did any articles say how much they even paid.

And that company is way smaller than Sony. So even they paid. And it's not like their products are hyped up roadmaps for games. If their roadmap of products was leaked, i dont think anyone would even care.

And what's stopping the hacker from asking 200 millions the day after you pay 20 millions ?

 

[StreetsofBeige]

And what's stopping the hacker from asking 200 millions the day after you pay 20 millions ?

Nothing. But at least the first batch of info is not dumped.

So what youre thinking is anytime a hacker group gets tons of confidential info from a company, just let them release it and not care. Whatever happens happens.

Thats not how you run a business.

 

[Reizo Ryuu]

That's about the dumbest thing one can do; absolutely not.

 

[Kings Field]

No, if anything it was free advertising. It doesn’t matter if the whole game would be leaked, people would still slurp it up.

This just got people thinking about the game and either hyping it or shitting on it. It’s on people’s brains.

They should send the hackers a thank you.

 

[cireza]

Nothing. But at least the first batch of info is not dumped.

So what youre thinking is anytime a hacker group gets tons of confidential info from a company, just let them release it and not care. Whatever happens happens.

Thats not how you run a business.

I understand your point of view and do not mean to disrespect it, of course.

However you are trusting the hackers to have at least some "principles" or "honor" if you pay and expect them not to ask for more. You will remain at their mercy. This money would be better invested in tighter security. I work in the IT landscape, by the way... Security is a very expensive and demanding thing to have, but it is an absolute necessity.

 

[MarkMe2525]

You can't pay. Extortion will never end. Back up, back up, back up.

 

[StreetsofBeige]

I understand your point of view and do not mean to disrespect it, of course.

However you are trusting the hackers to have at least some "principles" or "honor" if you pay and expect them not to ask for more. You will remain at their mercy. This money would be better invested in tighter security. I work in the IT landscape, by the way... Security is a very expensive and demanding thing to have, but it is an absolute necessity.

I agree that future security should be bulked up. But at that moment of time when they got data, I'd say pay it. It's only 50 bitcoin worth. It's worth gamble IMO with this first pay off.

Of course, there's always risk the hackers just dont give a shit, get paid and then dump the data anyway for laughs.

 

[ShadyAcshuns]

Never reward shit behavior under any circumstances.