back to article When are we gonna stop calling it ransomware? It's just data kidnapping now

It's getting difficult these days to find a ransomware group that doesn't steal data and promise not to sell it if a ransom is paid off. What's more, these criminals are going down the extortion-only route, and not even bothering to scramble your files with encryption. As we've pointed out before, by ditching all that fiddly …

  1. druck Silver badge

    Not a good reputation

    creating technical support headaches and bad reputations

    I'm sure they have sleepless nights worrying about not providing top notch technical support to their victims, and not getting glowing testimonials on

    1. Anonymous Coward
      Anonymous Coward

      Re: Not a good reputation

      I don't know. Given that it is nowadays apparently deemed acceptable to spam customers with questionnaires for every possible interaction ("You filed a complaint. What is your opinion of our company?") I suspect someone will eventually do this, if only because of a dark sense of humour.

      (And yes, I received a questionnaire after asking a company to fully and completely removing my details, so that's gone in a complaint to the regulator)

      1. Gene Cash Silver badge

        Re: Not a good reputation

        Yeah, I love the "please rate our app" before it even finishes installing. That guarantees a 1-star.

        I updated the Google SMS app, which installed some new app because Google changes their SMS app every Thursday. It demanded that I review it, so I said in the review "Stop asking me to rate it"

        Google deleted it saying I needed to make feature requests elsewhere.

        I changed it to "Giving a review as requested. Can't give the 0-star review that it deserves."

    2. Blazde

      Re: Not a good reputation

      I suspect they care about reputation just as much as any similarly long-lived white market brand does. How's Fyre Festival doing on Tripadvisor?

      Meanwhile a well established ransomware group could see it's profits plummet following an El Reg article mentioning a single failed decrypt.

  2. Snowy Silver badge

    Not Data KIdnapping but Datanapping.

    If you look up the history of the word Kidnapping it should clearly be Datanapping.

    1. hitmouse

      Re: Not Data KIdnapping but Datanapping.

      That's going to pose problems when i explain my afternoon catnapping.

  3. Ken Moorhouse Silver badge

    The problem with extortion-only datanapping...

    From a cybercrim's perspective, the problem with extortion-only datanapping is that some other cybercrim can come along and repeat the exercise, meaning that the victim might have to deal with more than one extorter. With ransomware if you're there first nobody else can swipe your lunch. In fact, with ransomware you are kinda protecting the victim by limiting the damage.

    (IANACC, just pointing out the dangers with a tongue in cheek example).

    1. trindflo Bronze badge

      Re: The problem with extortion-only datanapping...

      I'm not aware of the criminal's boardroom discussions, but I'm certain I read an article recently describing multiple thieves hitting the same poor duck such that their likelihood of decrypting was about zero.

      Dunno. What happens when two pirates hit the same ship? Do they share the booty and have a jolly time talking about crime, father-stabbing and other groovy things or does it devolve into a shark feeding frenzy?

      1. Ken Moorhouse Silver badge

        Re: What happens when two pirates hit the same ship?

        The attacks I have got involved with change the extension of the file, plus the binary header is changed too, so it doesn't look like a pdf. Any new attack should therefore ignore those files.

  4. Anonymous Coward

    C-Suite problem

    The distinction might make sense to the suits due to the PR hits mentioned.

    But for IT it is a distinction without a difference. Preventing network intrusions doesn't care what 'ware' it is. Nor does detecting and removing intrusions caused, as is so often the case, by social engineering. Data recovery has been an issue since before 'ware' became big, although it's existence makes the process more difficult.

    The biggest problems for IT in this area are lack of funding and lack of in-house talent.

    One can only hope the suits might consider this as they beef up PR, lawyer, and insurance budgets.

    1. Richard 12 Silver badge

      Re: C-Suite problem

      Detection is different though.

      Datanapping requires a significant amount of outbound traffic which ought to be relatively easy to detect while in-progress, while encryption only requires the key to leave your servers so you'd never see that in the noise.

      The CPU and disk usage profile is also different, of course.

    2. Peter2 Silver badge

      Re: C-Suite problem

      The biggest problems for IT in this area are lack of funding and lack of in-house talent.

      I'm going with "lack of in-house talent", since Software Restriction Policys have been a freebie in Windows since XP (and applocker is also a freebie in later versions although the SRP still works) and even an incredibly lazy method of setting the default level to disallowed and allowing %program files% and %//authorised network share% instantly prevents the userbase from running trojans they either download or bring in with them on external media. (since %temp% isin't in program files and is therefore disallowed from executing a program)

      Without spending so much as a penny that instantly and pretty permanently kills trojans, while still allowing the users to work as normal. (as long as their normal job doesn't require them to receive .exe files via email and run them)

    3. ThatOne Silver badge

      Re: C-Suite problem

      > One can only hope the suits might consider this as they beef up PR, lawyer, and insurance budgets.

      What else would they beef up? Once your data is gone, IT is pretty much useless, except as a scapegoat.

      Unless of course you mean anticipate potential risks, and waste perfectly good, bonus-inducing profits in obscure pointless technobabble. No sane manager would do such a thing! As long as there is the slightest chance it won't happen to you, you will avoid wasting any money on it.

  5. sinsi

    Thanks for doing us a favour

    "notorious RaaS gang LockBit had issued guidelines for affiliates that included not using file encryption against organizations in such industries as healthcare."

    I won't put any biological weapons on the knife I stab you with.

    Gee, thanks. FOAD.

  6. ThatOne Silver badge

    That we call a rose, by any other name would smell as sweet

    > That said, Morris isn't convinced that extortion-only needs its own category.

    I agree. Technically it's blackmail in both cases, and in both cases it's your data which is at stake. The only difference is at PR level, because instead of the mild sympathy you'll get if your vital data gets encrypted and you're incapable of doing business anymore, you will experience some public resentment due to all that sensitive data you had accumulated being now spilled all over the Internet.

  7. Binraider Silver badge

    If you pay the ransom, what's stopping the ransomers demanding more? Or releasing anyway? If your data is that important to contemplate paying the ransom, maybe, just maybe you should have invested properly in your backup and storage security personnel & systems?


    Sorry about the all caps.

    1. Throatwarbler Mangrove Silver badge
      Thumb Down

      Victim blaming! Drink!

      I expect they pay it for the same reason that people pay kidnappers, despite government orders to the contrary: they're not willing to lose what was taken. It's all well and good for people with no skin in the game to tut judgementally, but if it were your business or beloved person at risk, you might be talking out the other side of your mouth.

      1. Binraider Silver badge

        We're talking ransomware here, not people. The latter, it's a different situation.

        If my own business was hit with encryptionware, then the backup strategy is there to get us out. If somehow the backup strategy is hit, c'est la vie, go back to an early enough point to and carry on. Somewhat annoying, some rework, but largely, not a big deal.

        If it was a straight up ransom for the release of data, there is very little around that is really that confidential. Customer data, names addresses etc being the most obvious things requiring a degree of protection in your average business. Maybe some IP or technical documentation (and what is that doing in a low security system if it's that valuable?)

        As there is no guarantee that even if you cough up they won't release or resell the data and/or demand more, the policy is don't pay, and with good reason. One can debate the merits of "good criminal/bad criminal". If they've already stole your golden goose you can pay what you like - but you have still lost it.

        If your data IS that confidential to warrant actual protection. MOD stuff, etc. you should damn well be paying for knowledgable security in the first place. E.g. theft of data from the F35 programme, cough, cough.

        1. Throatwarbler Mangrove Silver badge

          > We're talking ransomware here, not people.

          Yes and no. I mention kidnapping because the guidance of the US Government is for US citizens not to pay foreign kidnappers (in fact, I believe it's illegal) for precisely the reason you cite for not paying ransomware scum, which is that paying off one set of kidnapper encourages others. That aside, people are impacted by ransomware. For example, there was a recent article in this very organ which highlighted a hospital being afflicted by a ransomware outbreak. In such a case, people's lives are being very directly impacted!

          It's all well and good to point the finger sanctimoniously at organizations impacted by ransomware, but it's worth remembering that perfect security is an illusion. You personally might think you have sufficient protection, and maybe you've done sufficient testing to be sure. For many organizations, however, there is a combination of complexity, legacy configurations, inadequate budget, and lack of security focus in, it must be remembered, a rapidly evolving threat landscape which makes it very difficult to be certain that one's IT environment is sufficiently protected. And those factors, of course, exclude the widespread burnout in IT professionals.

          One thing I note in the mindset of many Register commentards is a distinct lack of understanding and imagination with regard to managing any environment besides their own, resulting in a concomitant simple-mindedness with regard to solutions. Any problem you don't adequately understand is easy to solve, after all!

        2. trindflo Bronze badge

          You are correct that with the right protection (and backups are not really enough; the data would need to be encrypted at rest for example), it would be wrong to pay the ransom because you have a way out of the situation.

          But if the thieves have managed to catch you flat-footed, it can quickly become about people as you are forced out of business and all your employees get dumped into the street. Is it your fault if you get caught flat-footed? Yes. Does it happen? Yes.

          If you are protected, why do you care if the buggers hit your windshield? The business that failed to plan is getting punished for being short-sighted (and might never get to make the mistake again). It would be great to see the thieves put out of business. Of course if the data theft business is a thin veil for state actors then profit isn't necessarily going to impact them all that much.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like