Business Week 4 DQR
Business Week 4 DQR
Thomas Boulais
For this week’s discussion, I chose Brenntag North America. “Brenntag is a world-leading chemical distribution company headquartered in Germany but with over 17,000 employees worldwide at over 670 sites.” (Abrams, 2021). The company was compromised by ransomware in May, 2021, with the hacker-group “DarkSide” claiming responsibility for the attack. The DarkSide organization demanded the bitcoin equivalent of approximately $7.5 million following the theft of 150GB of data from the Brenntag. “After several days of negotiation, Brenntag and Darkside eventually reached a compromise, with the organization handing over $4.4 million in bitcoin”. (Irwin, 2021)
DarkSide is known to target companies with high levels of capital. Brenntag, being such a large, worldwide company was an obvious target. The organization claims to have gained access to Brenntag’s system through stolen credentials. Brenntag had several gaps in cybersecurity that could have prevented this attack. Their systems could have been on a virtual private network (VPN), logins should have been on a two-factor authentication, and they should have been using improved endpoint protection software. Any of these security upgrades, among others, could have kept DarkSide from carrying out a successful attack.
While it’s unclear who made the decision to pay the ransom, Brenntag paid the DarkSide organization. The question of whether this decision was ethical depends on point of view. Within the 150 GB of stolen data, DarkSide claimed to have the following:
· Financial and accounting information
· Sensitive accounting & human resources information, including individual’s social security numbers, addresses, drivers license numbers, and some health data.
· Contracts, marketing information, legal information
· Company projects and chemical formulas
Because Brenntag paid the ransom, the data of it’s over 17,000 employees remained safe and off the dark web. Further, potentially dangerous chemical formulas remain safe. However, paying a ransom invites criminal organizations, like DarkSide, to repeat the crime. Paying the ransom also had a negative effect on Brenntag’s stock price, which negatively effects shareholders.
In my opinion, Brenntag operated in an ethical manner. They used the utilitarianism type of ethics. They protected their employee’s data and chemical formulas that could be used to harm people around the world rather then protecting the company and its shareholders. This shows the utilitarianism type of ethics because they chose to protect the biggest group of people possible.
The 5 biggest ransomware pay-outs of all time
https://www.itgovernance.co.uk/blog/the-5-biggest-ransomware-pay-outs-of-all-time
(Irwin, 2021)
Chemical distributor pays $4.4 million to DarkSide ransomware
(Abrams, 2021)
Response -
Donald Doan
Good morning class,
I was an employee at Sony Online Entertainment when we were hacked in 2014. Although I worked in a different division not apart of Sony Pictures. Here is a brief description of what happened:
In November 2014, Sony Pictures Entertainment has hacked by a group calling itself the Guardians of Peace. The hackers who were believed to be working in at least some capacity with North Korea, stole huge amounts of information off of Sony's network. This was believed to be because of the film The Interview, a comedy about two Americans who plans to assassinate North Korean leader Kim Jong Un. Initially, Sony reacted by shelving the movie. However, President Obama warned that capitulating in the face of terrorists threats would set a bad precedent. Sony ended up releasing the movie on schedule in select theaters and online. Sony's network was down for days as administrators struggled to repair the damage. The hackers posted several waves of files, confidential documents, and unreleased movies over the next several weeks. They further pressured Sony that anyone that watched the movie would have a "bitter fate" and "remember the 11th of September of 2001" It was widely taken as a threat of terrorist attack. Sony Entertainment CEO Michael Lynton made the decision to still release the film online and on-demand platforms including Google Play and YouTube. Although Sony didn't pay a ransom, the damages were already done financially as many unreleased movies were released to the public. I believe releasing the film was ethical. President Obama said it best "If somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary they don't like, or news reports they don't like."
Response -