[HN Gopher] Confessions of a Ransomware Negotiator
___________________________________________________________________
Confessions of a Ransomware Negotiator
Author : belter
Score : 89 points
Date : 2021-09-13 07:47 UTC (1 days ago)
(HTM) web link (www.theregister.com)
(TXT) w3m dump (www.theregister.com)
| Zigurd wrote:
| A ransomware attack is as if your building burned down. If you
| have not practiced what you will do in case of a fire or flood,
| you will be offline for weeks.
|
| Reading things like "Ransomware attacks are now pervasive" makes
| me think very few organizations have practiced what to do
| despite it being "pervasive."
|
| It isn't easy and it isn't enjoyable. Simply rehearsing restoring
| a system from a disk failure is stressful and often enough the
| user finds backup won't restore properly. But you don't know
| where the pain points are until you rehearse in a controlled
| environment.
| xupybd wrote:
| I doubt I would get approval for the resources needed to do a
| full restore rehearsal and I know we have gaps.
| buitreVirtual wrote:
| > unless you're critical to national security, the bottom line
| is: you're on your own here
|
| Ransomware attacks are now pervasive. I'd argue that even though
| most individual victims are not critical to national security,
| society as a whole is under attack. This makes it a national
| security emergency in my view.
| vkou wrote:
| The same can be said for drugs, homelessness, corruption,
| social media, and literally anything. Society as a whole is
| under attack by these things, and the costs it pays for them
| are much higher than ransomware.
| martin_a wrote:
| Ransomware obviously only works if people are paying. Just stop
| that and it will go away.
|
| Oh, and of course make sure it can't happen in the beginning.
| ackbar03 wrote:
| Could you try to cure cancer next?
| marcos100 wrote:
| It's unnecessary. You just have to make sure to not develop
| it first.
| Clubber wrote:
| Even when it shuts down hospital ERs?
|
| https://www.wired.com/story/universal-health-services-ransom...
|
| Very brave of you to risk other people's health.
| cricci16 wrote:
| genius!
| Cthulhu_ wrote:
| Thanks I'm cured.
| me_me_me wrote:
| ha! That is a brilliant idea, how come nobody ever thought of it
| before?
| martin_a wrote:
| I don't know. Seems to be easier (read "cheaper") to run
| shitty software and not train people well, so this doesn't
| happen in the first place.
|
| It's not like Ransomware is some god-given thing that just
| happens.
|
| There's a case in Germany right now where the critical
| Confluence bug was simply not patched for two weeks after the
| notice that there's a critical bug/exploit. Now the systems
| are down and everybody's wondering how that could probably
| have happened...
|
| "Won't happen here" is easier than taking care.
| artificialLimbs wrote:
| You can't protect against the 80 year old Marthas who IS
| GOING to click the link regarding her 10,000,000$ payment
| from the Nigerian prince. She IS GOING to download and
| install the bank transfer program, and she is going to
| compromise the entire network.
|
| You can't get rid of the Marthas because the Marthas have
| been here 30 years and hangs out with everyone from the
| company on weekends, and probably knows more about the
| business than anyone even if you wanted to get rid of her.
| handrous wrote:
| Worse, it's not just ancient Marthas. A high percentage
| of younger generations--including those who grew up with
| desktop computers, so you can't just say "oh it's the
| iPhone's fault"--use computers essentially by rote and
| habit, without a conceptual understanding of much of it,
| and I don't mean in a theoretical CS-type sense, but more
| like plugging in a USB drive and knowing _one specific
| place on one specific kind of window, reached by clicking
| one particular icon_ to find it in, and being totally
| lost if it's not there and/or concerned or confused if
| it's got a different name than the _totally different_
| USB drive you used last week, versus having some sense of
| what happens when you connect a disk and the _sort_ of
| place you might be able to find it. It's the difference
| between "I get there by clicking this, then that" and "I
| get there by opening my file manager and navigating to
| what I need". They're saying the same thing, but one
| implies some understanding, and a resultant resilience
| and flexibility in use of the computer.
|
| The former are following a script with most everything
| they do, while the latter have enough understanding to
| think in categories of behavior and to predict or explain
| things, at least a little, which doesn't make them immune
| to phishing, but does make them significantly harder
| targets. The latter sort are less common than one might
| hope, even among those younger than Martha, though, which
| becomes clear if you talk to people who work in
| non-technical offices--bearing in mind that all but the
| oldest workers are now mostly Gen X and Millennials, with
| only a few raised-on-phones Gen Z so far.
|
| Overall, I'd say all signs point to every general-purpose
| desktop operating system being a usability and security
| disaster for at least half the population of
| non-oldsters.
| me_me_me wrote:
| 'If you don't pay it will die off'
|
| 'If you have prepared staff and software you are not going
| to be affected'
|
| All of it is true, no discussion here.
|
| But that's not how the real world works. Complex systems, large
| staff of various skills, temporary access for temporary fix
| that becomes an established feature because there is
| something else more important, people leaving and so on.
|
| That's how a <insert boring item> company ends up with
| their DB not backed up or backed up locally so that's
| encrypted in the attack too.
|
| And you need info on orders, deliveries, and money etc
| RIGHT NOW!
|
| What do you do?
| infinityplus1 wrote:
| That's victim blaming. Even if we don't pay up, people will
| still spread ransomware just for shits and giggles. The cat is
| out of the bag.
| teddyh wrote:
| He's not blaming the victims for getting attacked by
| ransomware. He's blaming people who then _pay the attackers_.
| That's a separate issue. People can be _both_ victims _and_
| perpetrators of separate offenses, subject to criticism. I.e.
| being a victim of one thing does not render you blameless for
| all your subsequent actions.
| infinityplus1 wrote:
| Those who pay the attackers might have no other choice.
| Sure they should have taken backups. But right now they
| don't have any. What else can they do? Maybe government can
| enact laws asking to maintain backups regularly in critical
| industries.
| teddyh wrote:
| > _What else can they do?_
|
| They can take the hit and live without their data,
| thereby making the world safer for the rest of us.
| Focusing only on their own personal problem is the
| definition of selfishness.
| marcos100 wrote:
| Would you let your company that earns millions for a
| ransomware that is asking tens of thousands of dollars?
| m-p-3 wrote:
| If your company that owns millions doesn't have a backup
| of the mission-critical data somewhere, you have a bigger
| problem.
| rexer wrote:
| No. In that moment your biggest problem is that all your
| data is inaccessible. That you don't have backups reduces
| options since it precludes that solution, but another one
| exists: pay the ransom.
| imwillofficial wrote:
| "That's victim blaming"
|
| And?
|
| In this case the victims are enabling a whole cottage
| industry of crime.
| infinityplus1 wrote:
| Ransomware won't stop even if you don't pay up. Just
| destroying the target by data loss can be a sufficient
| reason for any attacker. No payment needed.
| imwillofficial wrote:
| This is wildly incorrect. For criminal groups who intend
| on making money, that payment is needed on a certain
| subset of victims or they can't stay in business.
| infinityplus1 wrote:
| I am a shady company who wants to take down a competitor.
| I can hire a hacker who'll do the dirty job for me and
| then get paid in cold hard cash. Or a nation state actor
| can decide to attack an enemy country's infrastructure.
| nkrisc wrote:
| So? If their goal is destruction what does that have to
| do with ransomware? They can do that whether paying the
| ransom is legal or not.
| infinityplus1 wrote:
| Deception? It can confuse the target about the motives of
| the attack.
| nkrisc wrote:
| So they were going to destroy data anyway, so this isn't
| what outlawing ransom payments is meant to prevent because
| it can't. It will prevent ransomware for profit if no one
| pays.
| [deleted]
| imwillofficial wrote:
| I'm adding this to my business card. "Ransomware Negotiator"
| jansan wrote:
| -------------------------------------------
| | Winston Wolf                            |
| | Fixer, Cleaner, Ransomware Negotiator   |
| -------------------------------------------
| imwillofficial wrote:
| What a perfect reference hahahaha
| Kibae wrote:
| IMO, the next major war won't be fought with missiles and
| bullets. No democratic government will want to mass-murder
| citizens. I think the next major war will be cyber.
|
| We've seen what hackers are capable of with Colonial Pipeline.
| We've seen the damage that can be done by taking out Texas'
| energy grid.
|
| By targeting infrastructure that directly affects citizens,
| adversaries can influence the democratic process.
|
| If China is able to take out the internet infrastructure in a
| city like Seattle, people are going to look for someone to blame.
| That person would likely be whoever is in charge of the country
| at that point.
| teddyh wrote:
| That if once you have paid him the Danegeld, you never get rid of
| the Dane.
|
| -- Dane-Geld, Rudyard Kipling
|
| https://en.wikipedia.org/wiki/Dane-geld_(poem)
| dspillett wrote:
| Quite literally if you are not careful:
| https://www.cbsnews.com/news/ransomware-victims-suffer-repea...
|
| I expect the 80% figure to be rather inflated, unless they are
| talking about _attempted_ attacks and not just successful
| second attacks, but paying the ransom in no way means you
| won't be attacked again.
|
| Though thinking about it, if it were only attempted attacks I'd
| expect the figure to be 100% - criminal types are not known for
| leaving a potential easy mark alone! If they don't re-attack
| themselves then they could at least sell or swap to another
| group information about the potential target (or another group
| could just catch news on the grapevine).
| lightsurfer wrote:
| A generational issue. Middle-aged businessmen vs. a new
| generation.
| steve76 wrote:
| Dump the world's medical waste into the Black Sea. Let's see how
| well you type with a clubbed hand.
| stevage wrote:
| I wonder about whether governments could make it illegal to pay
| ransomware.
|
| If a business from country X could not legally pay, then what
| would be the point of attacking any company from country X?
| deepsun wrote:
| I believe it's already illegal ("know your customer", maybe
| they are terrorists). But ransom payments are tax-deductible
| nevertheless.
| bee_rider wrote:
| Lawfare has done a little on this.
|
| (Article) https://www.lawfareblog.com/ransomware-payments-and-law
|
| (Podcast) https://www.lawfareblog.com/lawfare-podcast-how-can-congress...
|
| The article is a bit long, but I think the most salient parts
| are:
|
| > Consider, for example, Section 2339(B) of the material
| support statute, which makes it a crime for a person to
| provide material support or resources to a designated foreign
| terrorist organization. [...] But, at its core, it's a ban on
| the giving of something of value to a designated overseas
| group. There is no exception in the law for circumstances
| like ransoms, though nobody has ever been prosecuted for
| material support in a situation involving, say, a kidnapping
| or hostage taking. So if Hamas or Al-Qaeda got into the
| ransomware business, it would already be a crime to pay the
| ransom--though it's not clear whether the government would
| ever use its enforcement discretion to bring such a case.
|
| > [big list of similar laws]
|
| > Each of the aforementioned authorities is a piece of a
| legal puzzle that allows the government to target individuals
| and organizations in certain contexts. But these authorities
| are generally not well suited to be effective against current
| ransomware payments in general.
|
| > Generally, most of these laws, like the FCPA, will not
| apply, because the offending party often has only a tenuous
| connection--or perhaps no connection at all--to a government
| official. Even if it does, a prosecutor would have to prove
| that the payer knew this, which seems improbable.
|
| It seems to fall into this weird gap where it isn't clear if
| it is more like paying a ransom, paying for an IT service, or
| more like paying a bribe to continue doing business.
| dekkerbasser wrote:
| Ransom payments are tax-deductible? If true that is nuts! Do
| you have a source?
| belter wrote:
| "Hit by a cyberattack? Your ransom payment to hackers may
| be tax deductible."
|
| https://www.chicagotribune.com/business/ct-biz-ransomware-pa...
| unstatusthequo wrote:
| Partly already true. You can't pay criminals in OFAC listed
| countries (https://sanctionssearch.ofac.treas.gov/) Now, the
| issue becomes how do you know? And what happens when it's your
| business's existence vs breaking the law?
| whoknew1122 wrote:
| Break the law. Every time. The fines are minuscule, and
| you'll likely be able to settle with the government without
| actually admitting wrongdoing. There's also no personal
| consequences for the decision makers.
|
| Corporate accountability is laughable. So just break the law,
| get your small little fine, accept no wrongdoing, and move
| on.
| maze-le wrote:
| Then the payment will be done by "underground payment
| processors" with a hefty extra fee. It wouldn't solve the
| problem I think, only shift the path an organization has to
| take.
| turk- wrote:
| No it wouldn't, no executive at any company would risk
| federal time and money laundering charges if it was made
| illegal.
| trenning wrote:
| Ah yeah HSBC Bank would never...
| jascii wrote:
| That's what throw-away shell companies are for...
| dboreham wrote:
| That's what Michael Cohen is for.
| axus wrote:
| The "businessmen" are probably more comfortable dealing with
| criminals looking for money than their own IT folks looking for
| money.
___________________________________________________________________
(page generated 2021-09-14 23:02 UTC)