What happens now? HBO is faced with a few questions that will shape their decision based on very limited information and the longer they wait to make a decision the more information they will have.
If we take the new reports at face value that this is an extortion attempt then the decision to pay or not hinges on a couple of key points of information.
1) How good were the hackers
If they were really good and managed to hide their traces well, the forensic effort is going to be a very long and ultimately incomplete job. HBO will never know the totality of the breach.
Without knowing the totality of the breach, HBO executives will have to make a decision about how valuable the claimed information is to them (both from an actual investment perspective and a brand damage perspective) without having any real confidence in the data that is missing. So far the “taste” is not that bad which likely would reduce a willingness to pay.
2) How honest are the hackers
It’s a funny question, but paying a ransom would require significant trust that they hackers wouldn’t take the money and then release the information anyway or resell it to a competitor. This is a question that no one will have good insight on and will essentially be a gut instinct based decision.
3) How damaging is the information that was available to the hackers?
This ties to the first question, but no one knows all the emails and documents that are sitting in their network. An audit of senior emails and other documents that may have damaging or embarrassing information will help inform the risk calculation of whether it makes more sense to pay and pray or hold firm and weather the storm of the media should the “worst case” scenario of leaks happen.
Answering questions 1 and 3 takes time and the longer HBO can draw out the “negotiating” process the more likely it is that they will be able to make a more informed decision. The hackers are likely aware of this scenario as well so it is likely that if the hackers are being honest about the ransom demand and monetary motivation we will see dumps that are increasing in frequency and availability as a way to put pressure on HBO.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.