As someone who has consulted for companies that have been the victims of ransomware, here’s my experience (and these are my experiences only - I have no knowledge of the exact variant of ransomware that hit simple auction):
One customer paid the ransom, and the decryption key was never supplied. The threat actor simply stole the money and then disappeared.
Our other costumers simply restored from backup and ignored the threat actor.
In all cases, a forensic investigation was undertaken to determine both the mechanism of intrusion and the extent of data exfiltration. If data were indeed stolen, notifications were made to those individuals affected. There are laws (GDPR in europe and CCPA in California, to name two) which require the users of the affected platform to be notified if their PII has been stolen.
Also, Some new variants of ransomware do indeed steal data and threaten to release said data if the ransom is not paid.
My heart goes out to Bob at simple auction - this is a shitty situation.
|