By SecureWorld News Team
Mon | Jul 16, 2018 | 8:10 AM PDT

I was catching up on LinkedIn the other day when I came across this company's post. 

“We are so confident our security awareness training program works, we’ll pay your ransom if you get hit with ransomware while you are a customer.”

That's a bold claim, one that could even be seen as controversial, given the FBI's advice to avoid paying a ransom to hackers. 

Surprising interview with KnowBe4's CEO

We arranged an interview with KnowBe4's founder and CEO Stu Sjouwerman. We wanted to go behind the scenes so we could ask him about the ransom guarantee and the decision to offer it. 

However, before the interview even started, Sjouwerman had a surprise. He came on the line, asked for my email address, and 10 seconds later told me to check my inbox.

He had created and sent me a spoofed email.

It absolutely looked like it came from my colleague Tom, who leads our web conferences and online security courses, but it was a fake. Only his text gave it away: "This is a test Spoof email. Stu."

Talk about driving home the point on phishing—that will do it!

So what about the pay your ransom guarantee? And what other trends is Sjouwerman seeing? Here's our interview:

Here are a few things we learned during our discussion.

  • KnowBe4 will pay your ransom in Bitcoin.
  • The offer has a $1,000 equivalent limit per occurrence.
  • Sjouwerman says backups fail much more commonly than you might expect.
  • He believes paying a ransom (or not) comes down to a business decision for customers.
  • The company is seeing ransomware become more evolved and destructive over time.

By the way, if you're looking for the fine print on KnowBe4's pay your ransom guarantee, here it is.

And yes, Sjouwerman says, a few customers have taken the company up on its offer to help pay their ransom.
