More and more, we see that ransomware is not a technology issue per se. This is about human behavior. Exerting pressure, exploiting human weaknesses. Applying psychology to gain advantage. We have learned how the FBI leaked the dossier story, to create news, establish momentum and pressure Trump. The hackers have learned how valuable that approach can be in aid of their extortion. When you are in a knife fight, bring a gun! CISOs and their security teams keep turning up with penknives. Hackers are turn up with guns. Last week, we saw an attack on a law firm, in which the attackers took a page out of the media playbook, throwing Donald Trump into the mix to get maximum publicity, doubling the ransom demand and teasing out a few details. Now we see the attackers leaking and leading the news again, forcing the MSU attack onto the public forum. This increases the general fear of ransomware, at no cost to the hackers. Every university will now be checking their insurance for ransomware payments, which makes it more likely that ransoms can be paid in the future. We are not dealing with ethics here – it’s all about the money, with a side-helping of chaos. Incidentally, universities have HIPAA obligations, PCI obligations, PII obligations – so this could get messy.  Read Less