News

Salesforce refuses to pay ransom to hackers who stole customers' data

Salesforce recently refused to negotiate or pay a ransom after a wave of cyberattacks affected at least 39 of its customers. According to the company, Salesforce’s public refusal to pay the ransom sets a precedent that discourages future extortion attempts. However, this strategy shifts the risk to their customers, who must now prepare for a potential data leak. It was reported earlier that Salesforce informed its customers it would not pay the ransom, citing “credible threat intelligence”.


The threat actors, reportedly known as Scattered Lapsus$ Hunters, have targeted major companies including FedEx, Disney, Home Depot, Marriott, and Google.

Damon Small, board member at Xcape, Inc., emphasized that companies are often tempted to pay ransoms, but law enforcement and cybersecurity experts advise against negotiating with criminals.

Small said, “If an organization pays once, they are likely to pay again. It’s difficult to ensure that all remnants of malware will be removed post-payment, so this type of shake-down will continue.”

Small recommended that companies, especially those with large amounts of sensitive information, assume breaches will eventually occur and prepare through regular security assessments and staff training to recognize fraudulent emails.


MacKenzie Brown, VP at Blackpoint Cyber, highlighted that Salesforce’s situation underscores the importance of comprehensive third-party risk management, particularly for SaaS providers. Organizations should enhance their incident response plans to address potential data leaks originating from a vendor’s supply chain.