back to article Ransomware scum face unified white hat army

More security players have joined the No More Ransom initiative, which should make life hard for the cretins who create ransomware. More than 30 security research firms and law enforcement agencies have joined the initiative to unify their efforts to free victims from ransomware extortion. More than 6,000 users have used the …

  1. Oh Homer
    Coat

    Isn't it odd...

    ... that copyright trolls can so easily track down pirates, shutting down domains, confiscating profits, and prosecuting those responsible, and yet all the might of the "security" industry can't track down a handful of ransomware extortionists, instead resorting to a pathetic exercise in damage limitations?

    Strange priorities...

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Isn't it odd...

      You're confusing security firms with law enforcement.

      Trend Micro have neither the power nor the inclination to arrest copyright infringers. The law enforcement arms that do enact copyright policy do so within local jurisdiction.

      Set up a ransomware shop in the US and you can expect a relatively short career. Set up in parts of the world that don't honour US law enforcement requests and you can expect lots of western security people to have the capability to find you but very few of them to have any power to do anything to stop you.

      I wouldn't be surprised at all if some larger and better connected firms took extra-judicial measures against ransomware players unlucky enough to strumble across particularly sensitive data.

      1. Mark 85 Silver badge

        Re: Isn't it odd...

        I wouldn't be surprised at all if some larger and better connected firms took extra-judicial measures against ransomware players unlucky enough to strumble across particularly sensitive data.

        What we really need right now in the security area for this is an Uncle Guido. One who has friends in low places. Then your hope might become reality.

    3. Anonymous Coward
      Anonymous Coward

      Re: Isn't it odd...

      I'm inclined to agree with Oh Homer, ransomware is a criminal extortion protection racket that affects the average person in the street or average firm, where as copyright is a criminal extortion protection racket that affects the average person in the street or average firm.

      1. Prst. V.Jeltz Silver badge

        Re: Isn't it odd...

        "where as copyright is a criminal extortion protection racket that affects the average person in the street or average firm."

        The difference being the average person in the street violating copyright is guilty , whereas the idiot who's had his files encrpted isnt.

    4. Milton

      Re: Isn't it odd...

      "... that copyright trolls can so easily track down pirates, shutting down domains, confiscating profits, and prosecuting those responsible, and yet all the might of the "security" industry can't track down a handful of ransomware extortionists, instead resorting to a pathetic exercise in damage limitations?"

      It's not odd at all, sadly. So far, ransomware has only harmed the little guys, barring some universities and small businesses.

      If, on the other hand, it threatened the profits of multinationals, lobbyists would be buying up congresscritters by the bucket load to pass laws and send task forces.

      When you have more to offer your politician than your vote (which, in the UK as in the US, is usually wasted, given they are versions of FPTP electoral systems), for example a few envelopes full of cash, s/he will work on your behalf. Otherwise, forget it, sucker.

      1. John Brown (no body) Silver badge
        Thumb Up

        Re: Isn't it odd...

        "When you have more to offer your politician than your vote (which, in the UK as in the US, is usually wasted, given they are versions of FPTP electoral systems), for example a few envelopes full of cash, s/he will work on your behalf. Otherwise, forget it, sucker."

        SO, basically you are saying that getting your political representative to do anything for you is a bit like trying to get a ransom-ware key from an extortionist?

  2. sequester

    Guess who aren't partners?

    That's right, the primary problems: Microsoft, Apple, and Google.

  3. Anonymous Coward
    Anonymous Coward

    Nice to see these guys wake up and realize they still exist...

    * Because Home / retail security has been piss poor for the past decade (by their own measure of success).

    * So sure get proactive and remind us you're still there. As bundling useless Norton / Symantec / McAfee etc products just because you can, doesn't wash anymore....

    * And Avast and AVG selling user info??? That's killing the rest of the market!

    * Even Malwarebytes and Kaspersky are licking their wounds these days....

  4. Locky

    Come on then

    I'll take you all on.

    And yes, I am going to flease this joke until they stop making Locky virues

  5. Oh Homer
    Headmaster

    re: "confusing security firms with law enforcement"

    Funny, but I was just thinking the same thing about the MPAA and friends.

    The long arm of their "law" reaches into every country of the world, in which they seem to have magically acquired whatever jurisdiction they need.

    So where are these magical extra-jurisdictional powers when they're actually needed for something worthwhile, like defending the little guys who might actually need the money to survive, instead of propping up multi-billion dollar cartels?

    I just find it odd that these supposed champions of virtue have no difficulty reaching deep into foreign places to grab the "bad guys" when it suits them, yet seem surprisingly impotent in the face of real criminals that cause real harm to real people.

    1. Mark 85 Silver badge

      Re: re: "confusing security firms with law enforcement"

      The answer is in your second paragraph.. about "little guys" and multi-billion dollar cartels. In US, one has to follow the money.

  6. Milton

    'strong encryption is difficult'—Nonsense

    "since implementing strong encryption is difficult"

    That is absolute tosh. Implementing strong encryption is arguably even easier than doing it badly. The algorithms, and in many cases, the actual code, are widely available. Good crypto requires algorithms to be challenged and tested very thoroughly, so the best systems have been attacked and improved by countless people over the years. I doubt it would take you more than five minutes of surfing around to download a bulletproof implementation of AES.

    We're lucky that ransomware scum mostly haven't *done* good encryption so far, but it's pretty obvious that this is what they'll do next. Good luck decrypting your files if they threw a nice long random key at AES-256. You won't do it.

    Decrypting ransomwared files has a short shelf life. Soon enough the bastards will wise up, and then your only security will be to make sure their crud doesn't get onto your system in the first place, and/or (duh, of course) having a good backup policy and enforcing some protections to ensure that nasties cannot simply write to any file anywhere on your system or network.

  7. Anonymous Coward
    Anonymous Coward

    If you want to track them follow the money

    Bitcoin is only semi anonymous. To make it really anonymous it needs money launderers. The question concerns how deep this rabbit hole goes. If Bitcoin has few legitimate purposes, then the cash to Bitcoin exchanges are money launderers too. Whether or not that is the case legally, those specifically offering anonymization services within this market seem legitimate targets for law enforcement, or if operating outside the jurisdiction of law, extra legal enforcement. E.G. see https://bitlaunder.com/anonymize-bitcoin

    1. Destroy All Monsters Silver badge
      Holmes

      Re: If you want to track them follow the money

      Thank you for this message from the grumbling bowels of state control.

      I hear bitcoin mining is big in Venezuela so as to be able to evade the socialist paradise's management of foreign currency exchanges and get some money out of the wreckage. Progressives, "tax evasion" spotters with the "we are all in this together" concentration camp mentality as well as statists may bemoan this. I call it freedom and we need more of this. If this means money launderers can launder and central banksters get sweaty, well, so be it.

      1. Anonymous Coward
        Anonymous Coward

        Re: If you want to track them follow the money

        "Thank you for this message from the grumbling bowels of state control."

        Aha. An evil "statist" who knows that no human rights exist other than through corresponding obligations enforced through the rule of law replies:

        Concerning your linked message claiming someone with a PC in Venezeula can obtain $1200 a day Bitcoin mining, there are indeed many similar flyposts in my neighbourhood seeking out suckers with claims about being able to earn similarly difficult to believe sums working from home attached to mobile phone numbers. Your faith in the ability of cryptocurrency networks to free people from commonplace tyrants is indeed quite cute, but I've read that Bitcoin mining migrated to places with the worlds cheapest supplies of electricity using dedicated ASIC machines years ago.

        And as to what you imaginatively call "freedom", my freedom includes my choice to pay state police services to provide me with a cheaper form of protection of my imagined "legitimate" interests, wherein I retain more court enforceable human rights after paying my taxes than I'm likely to obtain otherwise, and if required the job of these paid rights enforcers includes throwing so called "libertarian" crooks who blackmail and defraud others into jail after fair trials, in preference to my having to endure the depredations of the criminal "protection" rackets which I understand as your proposed alternative.

  8. Doctor Syntax Silver badge

    "a conservative US$84,000 a month for an investment of US$6000, a whopping 1425 per cent profit margin"

    There are many things appropriate to call the perpetrators but "cretin" isn't one of them.

  9. Tikimon

    Could this inadvertently weaken encryption?

    After 20 years of IT laffs I'm frankly paranoid. So it gets me wondering if any of this effort will indirectly prove useful to The Man, who hates encryption and would like to break it. Or criminalize it if unbreakable. I doubt the companies or bodies involved would do such a thing, but once you find a way to break something, it WILL escape into the wrong hands. Or in the case of the NSA, GHCQ and such, the wrong grasping claws.

    Hey, why no "Terror/Panic" icon?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022