The latest issue of The Red Tape Chronicles has a great discussion about ransomware gangs. Half of U.S. corporations have reported being attacked by ransomware gangs last year, and while it’s technically illegal for U.S. firms to pay ransomware, a lot of them do anyway.
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old fashioned Nigerian Internet scam than a malware infection – and the payment could end up being all for naught.Indeed, ransomware attackers may no longer have the encryption key or may just opt to take a ransom payment, infect a company’s system, and flee the crime scene entirely. Not only is the system of paying in untraceable Bitcoin risky, but the transaction in its entirety is so risky, it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorism laws, FCPA, conspiracy, and others) – and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand seems less of a legal, and more of a practical, determination — almost like a cost-benefit analysis.The arguments for rendering a ransomware payment include:• Payment is the least costly option;• Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);• Payment can avoid being fined for losing important data;• Payment means not losing highly confidential information; and• Payment may mean not going public with the data breach.The arguments against rendering a ransomware payment include:• Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;• Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;• Payment can do damage to a corporate brand;• Payment may not stop the ransomware attacker from returning;• If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and• Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty, and dread inevitably experienced by the victim.
Details emerge after an honest Tesla employee thwarted a ransomware plot
Elon Musk confirmed last week that a Tesla employee reported a credible ransomware plot. The employee had been offered $1 million dollars to install the ransomware at their Giga Nevada facility, according to the FBI. Via Wired, which has excellent coverage of the details: Earlier this month, according to a recently unsealed criminal complaint, a… READ THE REST
Criminal hackers breach law firm, threaten to release Trump documents
A criminal hacker group that breached a major entertainment law firm says it will release documents on President Donald Trump if it doesn’t receive $42 million in ransom. READ THE REST
After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits
Last spring, a Baltimore underwent a grinding, long-term government shutdown after the city’s systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous hear, and five city CIOs… READ THE REST
MATLAB is computer science for legit scientists, but you can learn it too with this training
If you’ve never heard of MATLAB or think it sounds vaguely like certain TV shows from the ’80s, you’d be forgiven. Because even in a tech sector chock full of intricate, complex programs and systems that routinely leave lay people scratching their heads, MATLAB is science tech for the serious, SERIOUS scientists. Since its humble… READ THE REST
These super-soft bamboo sheets now have a secret weapon: pockets
Every once in a while, you stumble across a new twist on an old idea and ponder, “Why didn’t I think of that?” It’s often a concept so simple that it feels like it’s been staring you in the face your whole life. It’s that sense of “duh” that the Bamboo 6-Piece Smart Pocket Sheets… READ THE REST
FogBlock solves the glasses-mask problem with a single spray
Glasses can be difficult at any time, but with a mask on, it seems like you can’t go more than a few seconds without an errant exhale blowing up into your face, fogging your glasses entirely. The only upside is the tiny bit of sweet revenge against everyone who called you four-eyes when they try… READ THE REST