Choice To Pay Ransomware Might Be Simpler Than You'd Think (axios.com) 217
The conventional wisdom about ransomware is that when local governments pay the ransom, it encourages more criminals to launch more attacks. But that's not necessarily the case, experts say. From a report: The costs of recovering from a ransomware attack are often greater than the cost of the ransom. The victims of ransomware attacks are typically targets of opportunity, and cities generally aren't the primary targets. Corporations are -- and they often pay up. "The fact is, paying a ransom does not create a market," said Forrester Research's Josh Zelonis. "There already is a market." Riviera Beach and Lake City, Florida, paid a combined $1.1 million in ransom over about a week in June. Meanwhile, Atlanta spent $17 million restoring systems rather than pay a $50,000 ransom last year. Baltimore is likely to spend $10 million restoring its own systems refusing to pay a $75,000 ransom this year. The disruption to its city services may cost another $8 million.
For some cities, the best response might be to pay the ransom, then use the millions of dollars that would have been spent on recovery to strengthen cyber defenses before the next attack. "If you don't learn from the past, you will end up being ransomed again," said Deborah Golden, the new head of Deloitte's cyber consultancy. Whether a city pays, doesn't pay, or has yet to be attacked, prevention will often save money.
Harsher sentence's for the ones that stole data (Score:5, Insightful)
They are fucking with people's lives. Their sentence should reflect that. And if the police or a citizen beats the living shit out of them, oops. Shit happens.
Re: (Score:2)
Yep. There has to be a way to follow the money back to these assholes when you're working with ISPs at government levels.
Re: (Score:3)
The problem is these assholes are overseas. Often in a weak or failed state. The authorities in North Africa and the former Soviet bloc for example are not interested in some bitcoin scammer, the authorities in Russia don't care or if they do care would consider the information a recruiting opportunity for the NKGB.
You can follow the money but unless the issue is big enough the state department is willing to make an international incident over it; that leads to dead end. Really the rule needs to be don
Re: (Score:3)
I've seen one ransomware attack up close and personal. It wasn't pleasant, but fortunately the organization involved had a very good backup regime. Once the offending workstation was identified and taken off the network, the nightly backup from the night before was restored. There was probably a day of downtime, not pleasant, and a small amount of data from the morning was lost. So the rule of thumb is backup backup backup, and not just backup, but make sure it's to tape or some other facility that can't
Re: (Score:2)
Re: Harsher sentence's for the ones that stole dat (Score:2)
I believe the quoted 17 mil was not to restore from backup, but rather was to rebuild the
Re: (Score:2)
A federal ban on transfer of dollars to states that harbor these pirates would work nicely. Putin and his oligarchs will NOT be happy when their money supply is curtailed.
Barring that, have the banks track them and then have the CIA serve the culprits some polonium tea. Let Putin know that Russia isn't the only one that can play that game.
Re: (Score:2)
When you are physically taking someone into custody, it's no longer cyber.
Re: (Score:2)
Re: Harsher sentence's for the ones that stole dat (Score:2)
So... you'd advocate killing 40,000 innocent people in some random city because a group of cybercriminals set up shop there? Even if the criminals are working 100% hand-in-hand with their government, government != people... especially in places where democracy isn't the norm or particularly well-established.
Re: (Score:2)
Who's talking about killing a whole city or "40,000 people" or whatever? No one but you that I can see.
I think trained teams of hunter-killers would probably get the message across after the first few successful ops. Hang the headless bodies of the perpetrators from a lightpole and word will get around.
"Where's JerryX and DooDog and MaxCracker? I haven't seen them online for a while."
"Oh...didn't you hear what happened to them?"
Re: (Score:2)
It's been tried through history and the crooks always continued being crooks.
"I'm not stupid like JerryX, DooDog and MaxCracker, I'll do it smart."
Not to say they shouldn't be taken out of circulation, but there are always more stupid crooks as well as smart crooks who get into business, government or such.
Re: (Score:2)
Re:Harsher sentence's for the ones that stole data (Score:4, Interesting)
Ok. What would be the target? In the overwhelming majority of cases, we don't even know the nationality of the one who made the attack, much less a location accurate enough for a "kinetic attack" short of a strategic nuclear weapon to be able to have any meaningful impact. Even tactical nukes would be insufficient in their destruction range for this job.
Engage your brain instead of your knees.
Re: (Score:2)
A buddy and me were talking about vinegar on the way to lunch today. When we got back and he checked his private email, the web-app popped up an ad for vinegar.
Fuck it! The surveillance is fully in place already.
To transfer $100 from my bank account to my other bank account takes 3 days, because the banks have to run checks on it.
Fuck it! The surveillance is fully in place already.
The idea that they can't trace the transfer of a fucking $75,000 payment is obnoxiously ridiculous.
Re: Harsher sentence's for the ones that stole da (Score:3)
With most popular mail clients, "not opening" is easier said than done. Outlook and Thunderbird have both had their fair share of "drive-by" exploits in the past. Even Gmail via browsers has claimed drive-by victims due to malformed-Jpeg exploits.
Re: Harsher sentence's for the ones that stole dat (Score:5, Interesting)
Then you have been lucky. For 20+ years, I was the IT director for a company that had 3 manufacturing locations, 2 distribution centers, and dozens of point-of-sale locations. We had hundreds of attacks, and five got somewhere - two did damage to local files, two were intercepted when they tried to access data on company servers, and one just took over a browser, but was seen by the owner's daughter, and got someone fired. For not calling IT immediately, and trying to fix it himself, supposedly... which is understandable, because it was due to visiting porn sites.
None did any lasting damage (early detection and backups)
Three of them started from the computers of the owner and a department head's laptop. In those three cases, it was unsolicited emails which looked relevant to the recipients, and which they opened, contrary to company policy. The lower ranking employees are less likely to take the chance, they called us when they had any doubts, and usually, if they screwed up, the security software was adequate. But the chief officers and department heads were less likely to "put up with the IT bullshit", and forge ahead, overriding warnings, and running executables.
But in the last attack, the recipient did nothing wrong. The email client preview function had a vulnerability, and her system was taken over. It downloaded an executable that tried to use the copy of an admin's roaming profile to spread, and that tripped detection. But all blame was to the IT department - our defenses were late in responding, the user didn't do anything wrong. If anything the administrator should not have logged in on the domain when he did, some time before the attack.
Fortunately, there were backups from the night before, and it all happened in the morning. A few people lost 30mn of work, if that. I spent hours trying to figure out what happened, and how to prevent it from happening again (in addition to upgrading the email clients, of course).
Depends on the E-mail client and PDF software (Score:3)
Depends on the E-Mail client.
Yes, at one end of the spectrum you have monstrosities like Outlook, which want to display nice beautiful ( <- for a very weird definition of "nice beautiful") rich-format e-mails, and basically do a web-render with everything turned on.
Including fetching all extra from the web and/or running any scripting content (which might be used for nefarious but non dangerous purpose like marketing/tracking purpose - think Facebook's Pixel - or of outright attacks - like the above ment
Re: (Score:3)
That will have zero effect. The ones always calling for "harsher sentences" are part of the problem. You people are not interested in prevention at all, all you want is revenge. Revenge is, as you may have noticed but obviously not realized the implication of, an after-the-fact thing. A threat of revenge is also known to have not much preventative effect and, as in this case, if the attackers have a very small risk of getting caught, it has no effect at all.
You have one thing right though: These are important
Re: (Score:2)
Re: (Score:2)
The ass here is you. But you are too blind to actual reality to see that. Dunning-Kruger effect at work.
Re: (Score:2)
Re: Harsher sentence's for the ones that stole dat (Score:2)
Surely you're talking about cold data. No way that is a one-size fits all solution, and no way the majority of that is hot data being snapshotted. Furthermore, how often would such a system be able to be tested? And what happens if a snapshot breaks along the way?
Re: (Score:2)
I'm not sure how people can "make more effort" to secure their systems when the flaws are in the underlying web browsers, the OS, in Java, etc.
Re: (Score:2)
Oh, sure. But what about having backup and a strategy to get up and running again? You know where you can be up and running again after a few days?
Re: (Score:2)
Yeah, OK, that can be done.
Also switch to using client-server apps where no data is stored on local machines so a quick disk re-image can get a machine up and running again. Maybe even develop a way to trigger the re-image remotely.
Re: (Score:2)
Re: Harsher sentence's for the ones that stole dat (Score:2)
The solution must also consider the broadest risk ranges against the greatest individual risks. Physical hardware failure, theft (stolen laptops and mobile devices), security breach remediation (OS reinstall of all machines especially domain controllers), data corruption (incompetence or malicious), failed updates, acts of god, etc.
These solutions must also be able to move enough data in t
Re: (Score:2)
A threat of revenge is also known to have not much preventative effect
It has no preventive effect in the case of lowlife criminals committing opportunistic crimes, no.
This is different though. It takes planning and skill and once a virus is launched it stays out there, sending info back to their servers. That's the sort of thing that makes people lie awake at night if they start seeing lots of headlines about dawn raids, long sentences, etc.
Re: (Score:2)
You are mistaken. These people assume they will not get caught and hence the sentences threatened are irrelevant.
Re: (Score:2)
Ok then? What's the problem with changing their assumptions? Once a few are dealt with, they will obviously need to reconsider their premises. A little foreign policy. . . something like "All foreign payments over $X must be picked up at an official branch of the bank and cashed by the recipient" should provide enough exposure to make the criminals think twice. Banks and countries that won't play along wouldn't be allowed to play at all.
Re: (Score:2)
Revenge is what criminals understand.
Re: (Score:2)
Fucking sentence these assholes to 20 years or more. If someone dies due to their attack. A First Responder unable to help someone in time, or dying in hospital because of missing records. Life in prison.
Studies time and time again have shown that increasing sentencing time doesn't lessen crime much (if at all). Increasing the likelihood of being caught and prosecuted is much more effective than increasing punishment. We need to improve our arrest rate- draconian punishments might help our sense of justice, but they won't stop ransomware; you can throw in a death sentence and torture listening to Kanye West for 48hrs straight- but it's not going to dissuade ransomware authors if they don't think they wi
Re: (Score:2)
torture listening to Kanye West for 48hrs straight-
Dude, I thought I was brutal, but you're scary.
*I ain't sayin' she's no gold digga'
*But she ain't goin' wif no broke unh! unh!
Aaaaah!!
Re: (Score:2)
You could legislate their sentences to be slow death by thirst, and it will keep having zero impact. Because these people are not even going to be in the country they're ransoming people/organisations in. Chance of actually getting caught is sufficiently close to zero to where consequences of getting caught become irrelevant.
Re: (Score:2)
They are harming everyone in these attacks. Fucking sentence these assholes to 20 years or more. If someone dies due to their attack.
It amazes me that whenever we talk about specific crimes, everyone wants people to be punished extremely harshly. Then when we talk about how America incarcerates too many people, we want to reduce prison sentences.
Re: (Score:2)
Re: Harsher sentence's for the ones that stole da (Score:2)
I'm not sure that would matter (Score:2)
This is where diplomacy should come in. Same with Mexico & South America. It's cheaper to drop food than bombs. It's cheaper to build up a region or to reform a man than to lock 'em up.
Re: (Score:2)
Life in prison is already the law in Canada if you kill someone with a hack.
I suspect it's the same in the USA.
The problem is, you're never going to catch these people. Computers are basically un-securable, and the industry blames the users instead of its own failings.
This is not being fixed any time soon.
Re: (Score:2)
20 years to life isn't harsh in this case. Examples should be made, it's the only thing they'll understand.
PS: The problem in North Korea isn't the crime-committing criminals, it's all the political prisoners and the general dictatorship.
(...and the USA doesn't exactly have a stellar prison record either)
Re:Harsher sentence's for the ones that stole data (Score:5, Insightful)
Examples should be made, it's the only thing they'll understand.
People seem to be capable of believing that criminals are immoral and won't follow laws because that's what makes them criminals, yet at the same time are rational and reasoned and consider the consequences of their actions before committing them.
Punishment being a deterrent for crime is only a modest piece of the puzzle - certainly the difference between no punishment and *any* jail time is more significant than the difference between X or Y time in jail, because presumably people committing crimes either are not considering punishment, or simply don't believe they will be caught. "Making an example" of people doesn't work anywhere approaching the panacea people casually offer up as a "solution" to crime, and the reason people will claim it doesn't work is it isn't harsh enough until it's pushed to the point of cruel and unusual punishment.
Re: (Score:2)
"Making an example" of people doesn't work anywhere approaching the panacea people casually offer up as a "solution" to crime, and the reason people will claim it doesn't work is it isn't harsh enough until it's pushed to the point of cruel and unusual punishment.
Of course not, but this is a new sort of crime and not the sort of opportunistic crime that lowlife criminals commit on a whim. It needs skill, it needs planning.
The first people caught/tried for this crime will make headlines and other people thinking of doing the same thing will take notice of those headlines. I'd give them a harsh sentence. Really.
Re: (Score:2)
Totally agree with you. While SirSlud wrote beautifully I have to disagree with his allegation that "'Making an example' of people doesn't work....."
Having lived for quite some time around cities that do/don't enforce specific laws I've seen that people do obey those laws in relation to whether they will definitely be enforced.
Took a trip to Seattle:
Will you get a ticket for jaywalking? Yes.
Will you get a ticket for doing drugs right in front of the Police? Apparently not.
BTW, watch your step down-town th
Re: (Score:2)
Violence comes in many forms. Only some of those forms are physical. These people are attacking hospitals and governments. Surely they can't be expecting authorities anywhere to laugh it off.
Even for good old warfare, medical facilities are considered off limits. And read more carefully. OP was advocating 20 to life for a malware attack that results in death. That is, when the attacker demonstrates callous disregard for human life by attacking emergency services.
Re: (Score:2)
A bit harsh. You're wishing violence on them. And 20 years to life for a malware infection. You'd feel right at home in North Korea I suppose. People like you are why Bitcoin exists.
If an intentional malware infection threatens human life, then I say serve up the Earl Kilogray Polonium. Make a video of your counterattack, and send it viral.
Re: (Score:2)
Pollution also threatens human life. Just saying...
Yes, it is a simple choice. (Score:2, Flamebait)
Incompetent or no IT staff, no backups, lots of savings, great bottom line.
Why not spend some of it on ransom?
Re:Yes, it is a simple choice. (Score:5, Insightful)
Pretty much. When TFS says
"Baltimore is likely to spend $10 million restoring its own systems refusing to pay a $75,000 ransom this year. "
What they don't mention is that Baltimore is most likely spending the vast majority of that money on things they should have spent it on beforehand: Upgrades on all levels, decent security systems and procedures, a decent and updated DR/backup system, maybe decent IDS and mitigation systems, compartmentalization of resources, mail/web filtering, security training... ...crap that I'm willing to wager they'd blown off or outright denied funding for, for years beforehand (and whatever bureaucrats blew it off? They're likely still enjoying either their current jobs or fat city pensions - yay for being a PHB I guess.)
TL;DR: Paying off the ransom doesn't mean they wouldn't end up spending that $10m on top of any ransom to bring their systems up to snuff... like they should have been in the first place.
Unless you enjoy having your infrastructure become everyone's subsequent bitch, you're going to be shoveling money, time, resources... all into making sure it doesn't happen again (or if it does, only after at least a decade or two of subsequent blowing off of needed upgrades, training, systems...)
Nobody escapes that cost, ransom or no ransom. Maybe it's time folks learned that...
Re: (Score:2)
And to add, when TFS says:
"The fact is, paying a ransom does not create a market," said Forrester Research's Josh Zelonis. "There already is a market."
What they forgot to add was "...which you just made bigger."
The problem isn't paying (Score:4, Informative)
And spending more on security isn't going to stop these attacks because we're fallible. There's a sucker born every minute.
It's the lack of a real worldwide, coordinated deterrent that threatens physical capture/harm.
Just like when email spamming lost a little juice when some spammers were finally prosecuted and/or jailed, or when the Somali pirates started getting hunted down by the US Navy, there has to be a coordinated effort by governments for ransomware attacks.
Until then, the risk of getting caught and prosecuted is almost zero - and cities with average Joe employees will get burned time and time again.
Re: (Score:2)
Chicken and Egg problem. (Score:3, Insightful)
Re: (Score:3)
Wouldn't the point be for everyone to stop paying? (Score:2)
Re: (Score:2)
I agree. These attacks create costs on the criminal's side. If they had no chance of recovering these costs, the attacks would stop pretty soon. But since these "victims" (they _did_ set themselves up for it, when you look at actual facts) do pay, the problem will persist. I think it is high time to make paying such a ransom illegal.
Re:Chicken and Egg problem. (Score:4, Insightful)
Costs to conduct most such attacks are minuscule. That's one of the problems with internet. It made delivery of payload effectively free, which means your only meaningful cost is developing payload. Internet solved that as well with darknet forums which sell malware for cheap. Last thing that was the problem was how to get the money transferred. Internet solved that as well with bitcoin.
So the problem you have is simply "internet and things it made possible", not "costs"
Re: (Score:3)
Re: (Score:2)
You're correct, but you can carry the line of reasoning even further. If it becomes known that you have security vulnerabilities and that you are willing to pay ransom, you become more likely to be targeted by further ransomware attacks. And if they know how much you paid for the previous ransom, they may ask for more. The cost of paying a ransom can't be calculated by just looking at the difference between the cost of the ransom and the cost of an outage. You *have* to account for whether your vulnerab
Right... (Score:5, Interesting)
"For some cities, the best response might be to pay the ransom, then use the millions of dollars that would have been spent on recovery to strengthen cyber defenses before the next attack."
I suspect most of these cities will pay the lower cost (pay the ransom), then spend the next few years complaining that paying for the ransom took all the money they would have spent to improve their IT department. I wonder what will happen after that?
Re: (Score:2)
Pay the ransom and write it off as a consulting fee. The criminal just showed you a huge fucking hole in your system and now you can harden it. The best thing for these cities to do would be to secure their systems beforehand, and failure to do so should be a criminal offense.
Part of the question is who do you hold responsible? If the government actually were to put funding IT improvements to a vote before the population (in my city they put a proposal out to keep a couple fire stations funded, it was voted down and people in those areas suddenly found their home insurance prices going up...) and it gets voted down, do we arrest the citizens?
Though I would think anyone in the government when a preventable event like this occurs should be hit with something like an immediate no
Funding better ransomware! (Score:2)
Applying the logic of this story, the makers of ransomware should obviously increase their investments in finding new security vulnerabilities to exploit.
Entropy always increases. Especially in Windows environments. Guess who's going to win?
The closest thing to a real solution is to stop with the giant targets already. Any gigantic target is going to get attacked, and Windows has merely become the largest and most attractive target.
Imagine that Microsoft had cloned itself into several daughter companies wh
After you pay, out what you can (Score:3)
After anyone pays and gets everything back - they should make public all correspondence and related materials for whoever they interacted with.
Then, place a bounty of twice what you paid leading to their arrest...
If everyone could have access to full emails including headers, along with bitcoin wallet addresses don't you think a lot of amateurs could figure out who was behind some of this ransomware? If there's a lot of financial motivation to hunt down people or groups behind the ransomware, maybe that would start to put a brake on it.
Right now it just seems like easy money with zero repercussions.
Re: (Score:2)
...and if the perp lives halfway across the planet (or worse, is a state actor doing its best to get around sanctions on the down-low?)
Re: (Score:2)
No, rather than hunting down the ransom author for $2M, when all their communications are behind seven proxies... it would be much easier to use the same 360d to infect two new cities and ransom them for $1M each.
Re: (Score:2)
when all their communications are behind seven proxies
What makes you think script kiddies doing these ransomware things are even close to that smart or careful?
It may turn out to be so, but in the past most criminals end up being lazy. They slip up eventually.
Don't forget if nothing else you can follow where the money goes from wallet to wallet after the initial transfer of the ransom. No way to disguise that and once you find any wallet along the chain of money sent from the ransom account, you can wal
Deloitte (Score:2)
Do not take anything an "expert" from Deloitte says. If you are a well-known expert in a non-bullshit field, you simply do not end up at Deloitte. Or any big four.
Re: (Score:2)
These big consultancies basically sell you their name and nothing else. I have seen a slide-deck that one of the big-four produced for a technical analysis that was an utter disgrace. Complete chaos, basically unreadable, and the conclusions simply wrong. That analysis did cost a lot and cost a lot more in the damage done to the customer. And I saw an IBM big-data team fail after bumbling about for 3 years. At the end they did not even have the sensors working, while I had implemented a real-time transforma
Re: (Score:2)
To be fair, their personnel is often people fresh from school who struggle to find a job, or are terrified to be jobless for more than two weeks and stay there for a few months to have a line on their resume. They know the working conditions are bad, the corporate culture parodic and the pay below average for anyone with a serious degree. They leave ASAP.
Also a few fools who love stereotypical corporate culture and believe one day they will become "partners" and afford costlier ties. Those are very comical,
Bad logic here (Score:2)
if your network is unsecure with poor backups, the cost you incur to fix it doesn't change if you're stupid enough to pay off the script kiddies that took you down. You still need to fix your security and backup problems regardless.
The problem is... (Score:2)
...the minute you start giving into ransom, you will trigger a wave effect that will tell every other criminal, that this crime we can get away with.
Doesn't matter how much money you lose vs ransom, it's the core principle that matters here. Start accepting ransom payments, and giving in to the criminals, will open up a whole Pandora's box for them, not just ransomware, but literally everything.
More expensive for society as a whole (Score:2)
For the individual companies affected, paying a ransom may make financial sense because it costs less than the damage impacted by the ransomware. And the hacker is unlikely to target the same individual twice.
However, by paying the ransom one is providing financial resources to a criminal organization and encouraging them to carry out more ransomware attacks. The cost of paying the ransom may be far smaller than the potential damage for an individual, but for society as a whole, the damage inflicted by paying
Re: (Score:2)
Really? (Score:2)
I don't have an economics degree, but I'm pretty sure giving people money works as an incentive.
Paying ransom doesn't save you (Score:3)
The simple fact is that paying the ransom is a terrible idea.
1) It shows you already are failing as a company/government/etc
2) You will have to pay it again and again, because they can just go right back after you. You are now a top target of ransomware.
3) How do you know you are operationally secure?
If you do not have offline backups and a BCP that have been tested and practiced you should just shut down and delete your data now.
This is not about 'the market for ransomware'; this is about basic business continuity. Being unable to recover from ransomware quickly without paying the fee shows you are not taking any due care.
The Attack Vector (Score:2)
I mean we can talk all we want about logging, permissions, backups, etc, all of which are good things to maintain and manage, etc; but isn't it just someone opening an attachment or clicking a link that is the problem here?
If that is so, if phishing emails are the attack vector, why are we ok with users being able to open attachments and click links in this way?
In thi
Re: (Score:2)
Like it or not, email is a major platform for day-to-day business activities. Documents get sent back and forth all the time. I agree it's not ideal, but regular users are an amazing combination of lazy and gullible (well, some IT admins are, too). I've tried many times over the years to insist people use shared drives or online document management systems to move files back and forth, but unless you outright ban attachments, people will just use email. And really, you can minimize the attack surface, but y
LOL (Score:2)
The fact is, paying a ransom does not create a market
The fact is, you're wrong, dipshit. Saying "The fact is," before you spout some bullshit won't fool anyone but millennials.
It may be a coerced market, like the mob offering "protection", but it exists only because people pay up.
Semantic games (Score:2)
I think the hairsplitting between "paying ransom CREATES a market" and "paying ransom ENCOURAGES a market" is pretty fucking pointless.
The fact is, paying a blackmailer is absolutely going to encourage more criminals to attempt it, at the very least. All the news stories crowing about how it cost $10 million to restore a system to avoid paying a $50k ransom are practically accomplices.
You know what wouldn't encourage hackers? Beheading. For instance, I bet the Russian mafia doesn't get hacked by script kidd
The High Cost of Windows (Score:2)
The attack vector is Outlook + a Windows box. This particular vector has been around for at least 25 years -- with lots of noises coming out of Redmond saying "We'll fix the problem", some hand waving, and the problem continuing. Sure, there should be backups, but maybe you could try using Free Software for your email stuff instead? At least stop using Outlook on Windows? If you have a particularly technically illiterate person, buy them a Mac and watch with glee as they try to open viruses programmed for Wi
Re: (Score:2)
MS-Office based vulnerabilities may extend to other systems that implement VBA (Libre/OpenOffice, I'm looking at you). And if Libre+Linux became the major platform, you'd suddenly have bash script trojans on the loose. Underlying it all is the automatic opening of files from external sources, and no matter how good your malware detection, they'll always be one step ahead of you.
Re: (Score:2)
Underlying it all is the automatic opening of files from external sources,
It doesn't have to be automatic.
If you don't have the expertise to set up some kind of virus detection, use gmail. They have good corporate plans, and they detect this kind of thing before your users find it.
Re: (Score:2)
In my nearly 30 years in IT, I've seen users follow some pretty elaborate instructions written by hackers. Social engineering attacks work for a reason. Once a user has surrendered any notion of personal responsibility, and thinks the email from the "IT Department" is legit, they'll go to a terminal window and do whatever it says, and the defense will be "Well geez, I thought it WAS from the IT department."
Users are the lowest common denominator, and that's why these attacks work. And by users, I even mean
Paying the ransom is just the start (Score:3)
what idiots (Score:2)
of course paying the ransom will grow the market, and that's exactly what we're seeing. More and more.
Again, why aren't the IT departments thrown out the door on their butts when they can't recover from a ransomware attack? Only the incompetent will have that problem
Distinction without a difference (Score:2)
So.... (Score:2)
Rational choice for the victim but... (Score:2)
The article seems to be arguing that because it is cheaper to pay the ransom than fix the problem without paying it, it is the rational choice for the victim. This may be true, but to make the leap that since that is true, paying the ransom does not encourage the criminals that launch the attacks, requires a level of stupidity that I cannot believe. Of course paying ransoms encourages the blackmailers. It may be in your selfish interest to just pay the ransom once you have already found yourself in that s
Learn from the past (Score:2)
In the past you installed Windows and were anally raped by Microsoft for years. Then you got totally owned because of Windows. Did you learn that to install Windows is to be anally raped and owned? If you did not learn this, then kill yourself.
Journaling filesystems as circuit breakers? (Score:2)
So... with all of these "encrypt the files in place on network shares" ransomware attacks, why DON'T we have the ability to set aside ~half the hard drive for journal history & enforce a rule like, "all changes get journaled, history can't be deleted or overwritten for 7 days, and when the history log becomes full, the drive is effectively write-protected until enough time elapses to allow overwrites"?
Yeah, it would mean we'd need 1TB drives to handle a week with 512GB worth of existing files & changes,
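An added illustration of the rule proposed in the comment above (not part of the post, and not any real filesystem's code): a toy in-memory model in which every overwrite journals the previous contents, history younger than 7 days cannot be reclaimed, and writes are refused once the journal is full. `RetentionJournal`, `WriteProtected`, `simulate` and the sizes used are hypothetical names and constructed data.

```python
from collections import deque

DAY = 86400

class WriteProtected(Exception):
    """Journal is full of history that is still inside the retention window."""

class RetentionJournal:  # hypothetical model, not a real filesystem API
    def __init__(self, capacity_bytes, retention_seconds):
        self.capacity, self.retention = capacity_bytes, retention_seconds
        self.used = 0
        self.history = deque()  # (timestamp, path, previous contents), oldest first
        self.files = {}         # live contents: path -> bytes

    def write(self, path, data, now):
        # Only history older than the retention window may be reclaimed.
        while self.history and now - self.history[0][0] >= self.retention:
            self.used -= len(self.history.popleft()[2] or b"")
        old = self.files.get(path)  # None means the file did not exist yet
        if self.used + len(old or b"") > self.capacity:
            raise WriteProtected(path)  # breaker trips; live file is untouched
        self.history.append((now, path, old))
        self.used += len(old or b"")
        self.files[path] = data

    def restore(self, as_of):
        """Undo every change journaled at or after `as_of`, newest first."""
        while self.history and self.history[-1][0] >= as_of:
            _, path, old = self.history.pop()
            self.used -= len(old or b"")
            if old is None:
                self.files.pop(path, None)
            else:
                self.files[path] = old

def simulate():
    """Constructed scenario: 8 files of 100 bytes, then a mass rewrite on day 10."""
    j = RetentionJournal(capacity_bytes=512, retention_seconds=7 * DAY)
    for i in range(8):
        j.write(f"share/doc{i}", bytes([i]) * 100, now=0)
    original = dict(j.files)
    attack_start, blocked = 10 * DAY, 0
    for i in range(8):
        try:
            j.write(f"share/doc{i}", b"\xff" * 100, now=attack_start + i)
        except WriteProtected:
            blocked += 1
    j.restore(as_of=attack_start)
    return blocked, j.files == original
```

In this scenario the journal absorbs five overwrites, refuses the remaining three, and the rollback returns every file to its pre-attack contents.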
Re: (Score:3)
Nothing replaces a good backup regime. Full stop.
Weekly full, daily incremental, offsite, offline, new servers on the shelf (iron or virtual), workstation images. Have these in place, and even in the worst case scenario, where servers and workstations are put out of commission, where a really nasty exploit that can run in privileged mode can fuck with FS journals, your downtime is minimized. I've done it. It sucks. New server brought online, backups restored from tapes, workstations having to be spun up
Well, maybe (Score:2)
"The costs of recovering from a ransomware attack are often greater than the cost of the ransom."
Well they certainly are if you don't have viable backups.
Yes, I know that doing the whole recovery-dance is a pain in the ass and will obviously cost something in terms of time and effort, but compared to the typical ransomware extortion fee? Probably not nearly as much.
ABSOLUTELY NOT (Score:2)
Do not pay these ransoms. You're just encouraging more of this type of malware to be created and spread.
Stop paying. Use sensible backup strategies, and train your staff to know what phishing emails look like.
STOP PAYING! STOP ENCOURAGING THIS BEHAVIOR, FFS.
Learning from their mistakes: not so much! (Score:2)
I would hope that (Score:2)
What if it was a crime to pay ransoms? (Score:2)
This may be a crazy idea, and it just popped into my head, but perhaps if the cost to a business (or government, or even individual) was higher if they pay the ransom - via fines, prosecution, etc - then maybe they would not do it. And if no one pays the ransoms, they *will* eventually stop. But it has to be 100% or very, very close. If just some people stop paying, but others continue, then it just encourages more ransomware (because they will need to increase the overall number of victims to keep profits,
Nope (Score:2)
For some cities, the best response might be to pay the ransom, then use the millions of dollars that would have been spent on recovery to strengthen cyber defenses before the next attack.
How about they spend some of the money they would have spent on recovery on developing a recovery plan that doesn't cost so much?
false dichotomy (Score:2)
False dichotomy.
You can do both: recover your systems without paying the ransom *and* improve your cyber defenses at the same time.
If you're refusing to pay the ransom, the ROI on improving your cyber defenses is really damn impressive, using the numbers given in this article.
Paying a ransom doesn't necessarily (Score:2)
Rid your organization of the plague. It would be more clever to get the ransom, and then have daemons lie in wait for a future opportunity. Hell, you might as well charge a subscription, or protection, like the mob did/does.
Re:game theory (Score:5, Interesting)
"paying a ransom does not create a market" ... "There already is a market"
only because the corporate fuckwits who paid up created the market: "Corporations are [the primary targets] and they often pay up"
we would all have been better off if no one had ever caved, but now that it's lucrative more attacks are invited
Make it illegal and throw CEOs and CIOs in jail if their companies pay the ransom in the future.