back to article Ransomware crims drop Bitcoin faster than Google axes services

The falling price of Bitcoin is forcing ransomware masterminds to convert the crypto-currency as soon as they can. Rather than holding on to their ill-gotten BTC, the crims are simply laundering the ransom money as soon as possible. "I've seen this discussion in underground forums among Russian criminals," Etay Maor, senior …

  1. This post has been deleted by its author

    1. Finder Keeper

      You need to verify that you can restore from backups when the need arises. Before you have accumulated any critical data (or on an identical test-only platform), induce a hard crash by wiping or removing the drive, then make sure that you can restore it from backups.

      Without this, backups are useless.

    2. Pascal Monett Silver badge

      Nice to know

      And I completely agree with the practice. Just out of curiosity, what tape drive do you use on your personal PC at home ? Oh, none ? What I thought.

      Your data backup solution is perfect for the business area, I've seen it used (and have been part of the support personnel for it) many times.

      Now tell me how many home users you know make backups. Personally, I put that tally at 3 : myself and my two best friends. We are all computer-savvy, and two of us work in the IT industry. Even though, nobody I know uses tape. Optical backups are the norm in the home user area. Some mistaken souls use hard disks, they will find the error of their ways the hard way.

      I doubt very much that the ransomware business targets mostly businesses. The home user is the biggest market, and one that is easiest to infiltrate because by definition home users are not computer-savvy and, generally, only become aware of the risk once they have been bitten.

    3. CliveM

      ARCHIVE non-changing data permanently to encrypted off-line storage. Store off-site in two locations. Place copies of it on READ-ONLY partitions as well, for fast access, but allow NO changes to this data. Make a fresh copy if you need to change something. This data does NOT need to be backed up, as it is already ARCHIVED.

      Similar recommendations omitted for brevity and to reduce the risk someone regards them as a template. This isn't best practice, it is outright dangerous. Where have they come from? Nowhere, they've been trotted out with no reference to the volume or nature of data, regulatory requirements, budgets, user expectations, business needs or any of 101 other factors that should be considered. Without that any backup strategy is fundamentally flawed from the outset.

      Archival is a useful tool for some forms of data, a menace that should be disregarded completely for others. It suits datasets that fit into neat little conceptually well-defined boxes of manageable size. The month's transaction data probably suits archival well, your customer database probably doesn't. It's one approach to consider alongside main backup, replication, clerical records etc but if it is advocated at the outset it is wrong by default.

      Your main backup strategy is equally flawed - it is premised on the implicit assumption that you can afford to lose a day's data. In many contexts that simply isn't acceptable in this day and age - if you lose an entire day's transactions HMRC will be on you like a ton of bricks. Investors, too, since such a loss will mean you won't get your accounts signed off at year end. Your backup strategy ignores risks like that. Why? Because you never bothered to even consider it.

      Even off site storage is not a sure thing 100% of the time. Every time you create a copy of your data, even if encrypted, you are increasing the risk of that data falling into the wrong hands. This risk is multiplied as the data moves off site. The vast majority of the time if you have one copy of the data and add a second then the benefits outweigh the risks, if you already have six copies and add a seventh you are raising the risk for no appreciable benefit. For some particularly sensitive data the thresholds could be lower than that - again it is something to consider before reciting a list of universal recommendations.

      You also completely neglect any consideration of human factors, or the time and expense of management and administration. Too many places have technically watertight, appropriate backup policies that fail because of this. If backup takes someone two hours a day it isn't going to get done reliably. Where are your backups then? Again this is something that has to be considered at the outset long before recommendations are made. It's another thing you didn't bother with.

      That isn't to say that simple bullet points don't serve a role, if they are factors to consider which will then lead you to actionable points when the particular circumstances have been considered. Taking short cuts does not serve you and here you begin with a fundamental and reckless short cut before you even start.

  2. The FunkeyGibbon

    Small companies

    A lot of SMBs and the crappy MSPs that do their IT wouldn't know a good backup methodology if it bit them square on the arse. They are the bread and butter to these criminals.

  3. Robert Helpmann??

    What it's for

    "They use Bitcoin for the money laundering part and take payment with it..."

    It's almost as if it was designed for this purpose.

  4. Richard 1

    Online works fine, if you've got a brain.

    I use Google Drive for my online backup. I have just under 170GB stored on there. I would know within minutes if someone was encrypting my important files because the Drive icon would start showing that files were being uploaded as they've changed. I don't stare at the icon incessantly but I do notice if it's up to something. Anything encrypting my files would be quickly identified and the system would be cleaned/re-installed immediately.

    1. caffeine addict

      Re: Online works fine, if you've got a brain.

      So, you never watch fullscreen video or play full screen games? Never leave your computer to go get a drink? Leave it locked to do admin tasks or virus scans overnight?

      If I were writing any kind of software like that, it would only work while the keyboard and mouse were inactive, or the screen was blank. But that's just me thinking off the top of my head in a forum. I'm sure the bad guys haven't thought about such things...

      1. This post has been deleted by its author

    2. This post has been deleted by its author

  5. Paul Crawford Silver badge

    Reactive vs Proactive

    "Far too many people are willing to pay up to have their data decrypted"

    Such a shame they are so much less willing to pay for a backup (or someone knowledgeable to arrange & test it for them). Such is life...

  6. MooJohn

    Stop paying the ransom

    Like negotiating with terrorists, ransomware would cease to exist if people didn't pay the ransom. Criminals do it only because it's profitable and requires little to no effort to extort money. Even if only one in 1000 victims pay it's still a cash-cow that runs by itself.

    People pay because it's an easy fix. Just hand over a few hundred dollars and all your data magically reappears. They still won't learn a proper backup routine and it will all get encrypted again as soon as they click on another "Your package has been delivered" email.

    1. Anonymous Coward
      Anonymous Coward

      Re: Stop paying the ransom

      I imagine that's easy to say until you are one of those who is hit and you have a choice between paying a modest sum or losing your entire business.

      Most people in the west would argue no random payments when discussing ISIS kidnappings, but if it was your wife or your son they held you may be willing to pay whatever they ask and screw the consequences for whoever they might kidnap in the future.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021