Ethical Dilemma And Professional Ethics: A Case Study On Ransomware Attack

Ethical Dilemma in Ransomware Attack

Discuss the IT ethics for corporate citizenship and sustainability.

An ethical dilemma, also known as an ethical paradox, is a situation in which a decision must be made between two or more moral imperatives, none of which is unambiguously acceptable or preferable. In this type of situation no straightforward decision can be made, which makes it hard to prioritize one option over another. It is possible to analyze the situation to understand the pros and cons of each direction and then to choose the option which is less severe (Trevino & Nelson, 2016). This report discusses the ethical dilemma faced by numerous organizations during the ransomware attack on the South Korean web design company Nayana, in which it was forced to pay US$1.65 million in the form of Bitcoin. In 2017, millions of dollars were paid to cyber criminals. Ransomware is considered to be a type of virus which enters the user's computer system or database and encrypts the user's files, making it impossible for users to read their own files. Once the encryption is done, the ransomers start asking the user for money in exchange for the encryption key (straitstimes.com, 2018). In the initial phase of the attack the ransomer demanded 550 bitcoins, worth around $1.62 million, but after negotiation the amount was reduced to 397.6 bitcoins, worth around $1 million. The attack was carried out with Erebus, along with a note that if the ransom was not paid within 96 hours all the files would be deleted.

Professional ethics encompasses the personal and corporate standards of behavior expected of professionals. It can be considered a measure that is professionally acknowledged by individuals and businesses regarding the processes conducted, the values and the guiding principles. It is best considered as a code of conduct applicable in various professions. Such codes are generally set up by expert members who belong to that specific profession or professional organization. The criminals who attacked the South Korean web hosting provider demanded around 550 Bitcoins, which amounted to around US$1.65 million (Darwall, 2018). According to professional ethics, an organization should always strive for excellence, which helps a lot in achieving greatness. From the perspective of professional ethics it can be stated that the organization has defied the professional codes of ethics. There are various situations in which a company might face problems like this, and for this reason organizations need to prepare themselves for any kind of outside attack by taking certain precautions to ensure security and to make sure that their files cannot be corrupted by ransomware or any similar malware. But in this case it was seen that the organization was having such precautions, so it can be stated that it has defied the professional codes of ethics (Moore & Ahmed, 2016). The attack caused problems for the customers, who were not able to use the web hosting services properly, mainly because the ransomware strain was successful in encrypting the data present on the company's server (Branche, 2017). In the beginning the company faced an ethical dilemma over whether to pay the amount or not.
In the beginning, when they realized that they had been attacked, they had no intention of paying the amount, so they started negotiating with the attackers. Rather than negotiating with the attacker they should have thought of taking alternative steps to protect the data, and this negotiation can be considered a violation of the professional code of ethics. According to the professional code of ethics the company should have included integrity, transparency, honesty, confidentiality and many more. But the company did not include any of these in its code. They were also not capable of informing the other parties about the attack and its results, which led to the rise of more problems (Crane & Matten, 2016). This inability to inform can be considered a violation of the professional code of ethics. Another major concern of the code of professional ethics is the maintenance of privacy and confidentiality, which was at risk during the attack, so to prevent the disclosure of that information the CEO of the organization decided to take quick action, which is fully in accordance with the code of professional ethics, that is, performing the respective duties. It is the duty of the CEO to secure the information on the server.

Professional Ethics in Ransomware Attack

Ethics is also considered to be a part of ethics that deals with whether the acts conducted by humans are good or bad, or right or wrong. This perspective asks several questions, including the following: "What are the things that are good?", "What actions should be taken by someone who faces an ethical dilemma?", and many more. From the perspective of philosophical ethics the situation of the South Korean web design company Nayana can be judged in two ways. First of all, paying the amount to the ransomers is totally bad and not at all right. Whereas, when seen from the perspective of solving the problems of the users, it is totally good and right. From the first perspective this situation is wrong, and paying the amount is not the solution to the problem (Grace & Cohen, 2015). The organization should have thought of other measures to protect the privacy of the files stored on the server. They should also have kept backups for situations like this. From the second perspective, however, the payment is totally justified, because if the payment is made the solution is received faster and proper service can be provided to the customers. Another major concern is whether the decision is made for self-interest or for morality. The company considered it right to make the payment demanded by the ransomer, as recovering from the attack was not possible within the 96 hours after which all the data would be deleted. Their main aim was to save the data of the customers so as to retain their privacy. The privacy of customers is one of the major concerns for a business, and fast action was required to protect it, so the company acted quickly by making the payments in order to get the encryption key (Swanson & Frederick, 2016). The amount was high, but it was later reduced, which was also in the interest of the company.

Descriptive ethics is generally considered to be an empirical form of research into the attitudes that an individual or a group of people holds. It is generally considered to be a division of physiological or general ethics that mainly involves making observations of the moral decision-making process with the goal of describing the entire phenomenon. Works on descriptive ethics reveal the beliefs of people regarding values, which things are correct, and many more (Baek et al., 2018). The CEO of the organization was forced to pay an amount of around $1 million when the customers' data were stolen. He negotiated the ransom amount, and the payment was made in three different steps. The 1st and the 2nd payments were made in quick succession. The CEO of the organization was aware that even if the payment was made it was not certain whether they would receive the encryption key or not. The organization should have made sure before the attack that its system was totally secure from any kind of intrusion (Hämäläinen, 2016). The services provided to the users were also interrupted, and because of this the CEO decided to make a quick payment in order to protect the customers' data and to save the organization. Besides this, the data of the customers were also held for quite some time until the payment was made by the organization (Baek et al., 2018). The CEO considered that it was not possible to recover the data from the attacker within 96 hours, so he took an instant decision to pay the amount in the form of bitcoin, but he also tried to negotiate the amount and was successful in doing so. Almost 153 Linux servers were affected, which contained the data of more than 3400 customers. This can be considered to be a massive attack when the entire number of businesses is taken into account.
From the perspective of the users who get their service from the web hosting company, it is the responsibility of the company to save the data of its customers. The customers considered it the company's fault that it had not adopted an adequate number of steps for protecting the data of the customers, which acted as the major reason for this attack.

References

Baek, S., Jung, Y., Mohaisen, A., Lee, S., & Nyang, D. (2018, July). SSD-Insider: Internal Defense of Solid-State Drive against Ransomware with Perfect Data Recovery. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). IEEE.

Branche, P. O. (2017). Ransomware: An Analysis of the Current and Future Threat Ransomware Presents (Doctoral dissertation, Utica College).

Crane, A., & Matten, D. (2016). Business ethics: Managing corporate citizenship and sustainability in the age of globalization. Oxford University Press.

Darwall, S. (2018). Philosophical Ethics: An Historical and Contemporary Introduction. Routledge.

Grace, D., & Cohen, S. (2015). Business ethics.

Hämäläinen, N. (2016). Descriptive Ethics: What Does Moral Philosophy Know about Morality?. Springer.

Moore, B. J., & Ahmed, S. A. (2016). Efficacy of Philosophical Ethics Uptake in E-learning.

straitstimes.com (2018). Record $1.5m ransomware payoff stirs controversy in South Korea. [online] The Straits Times. Available at: https://www.straitstimes.com/asia/east-asia/record-15m-ransomware-payoff-stirs-controversy-in-korea [Accessed 30 Jul. 2018].

Swanson, D. L., & Frederick, W. C. (2016). Denial and leadership in business ethics education. Business ethics: New challenges for business schools and corporate leaders, 222-240.

Trevino, L. K., & Nelson, K. A. (2016). Managing business ethics: Straight talk about how to do it right. John Wiley & Sons.