I won't even allow the JS to run the video player.
Be honest. Would you pay off a ransomware crew?
Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good. But we all know life is not that easy – nor is it hopeless. Some have suggested a total ban on ransom payments will help curb attacks, and we sympathize with that view. There is perhaps a discussion to be had, though, over …
COMMENTS
-
Thursday 11th January 2024 01:36 GMT Anonymous Coward
Would I pay a ransom? No.
No. Absolutely not. No matter how low the ransom or how high the value of what I lost.
1. Funding the criminals encourages them to hit again, whether me or someone else.
2. There's no guarantee I'd get my files back or my system would be clean afterwards; they may reactivate the malware in a few months and hit me up again.
3. The ransom money is often used by terrorists and rogue states.
-
Thursday 11th January 2024 02:35 GMT HuBo
And actuarial
Brandon wins this here Kettle hands down, for facial expression at 13:41+!
Beyond that, yes, definitely, insurance companies beat casinos (and crims) in this contest, no sweat! They (and Wells Fargo) employ the toppest-level recent PhD grads (including to hedge bets on climate change), and some real high-caliber BS kids in engineering do aim themselves towards actuarial activities (where, in a different world, they might have done much more valuable science for humanity instead, IMHO).
Whatever insurance companies say (eg. as with shoes, this is not a one size fits all issue) goes, in my estimation. I hate them with outstanding enthusiasm, but they do employ the greatest minds and computational approaches and hardware, much beyond what casinos and crims do, both of whom appear extremely naive by comparison. Today's legitimate insurance outfits are essentially the mafia's mafia, the meta-mafia if you will, without official extra-judicial powers (that we know of; a scientifically-based protection "racket").
To pay or not to pay (ransom), the most enlightened answer will come from your insurance company, if any, otherwise, tough shnitzel (IMHO)!
-
Thursday 11th January 2024 18:47 GMT doublelayer
Re: And actuarial
The problem with that is that their calculations are just actuarial. They calculate whether paying the ransom in this particular case is more or less expensive than paying to recover without doing one. They probably have someone looking at the details to factor in the need to clean the systems afterward, the likelihood of getting your data, and whether the decryption process will have extra difficulties. What they don't factor in is how much paying this ransom will exacerbate the problem of ransomware in general because they don't care. If it does, they get more insurance payments, and if it doesn't, they will have fewer claims to pay.
When we make regulations, we do care about whether ransomware increases or decreases because we're trying to write them such that it does decrease. Insurance companies' estimations are insufficient to answer that question because that is not the question they are trying to answer.
-
-
Monday 15th January 2024 11:39 GMT Necrohamster
Re: And actuarial
"Last time I looked, insurers weren't a licence to print money."
Funny. That's exactly what they are.
They exist solely to take your money and find a reason not to pay out when a claim's made.
Like the time Merck's insurers tried to deny their claim on the basis that a ransomware attack was a "warlike action". See also: Mondelez International and Zurich American Insurance
-
-
Monday 15th January 2024 00:40 GMT Benegesserict Cumbersomberbatch
Re: And actuarial
For all their PhDery, insurance companies have no Nash equilibrium, their only interest is self interest. So they will choose not to take into account the most important question here - What is the opportunity cost of encouraging these bastards by paying them at all, even sometimes?
-
-
Thursday 11th January 2024 05:46 GMT Grunchy
I backed up all my VMs to a SD card, which I blew $30 on at Boxing Day extravaganza. It is offline and sitting in a secure location (*I* don’t even know where the hell it is, at the moment.)
By all means, burn down my system: see if I care. I’ve got the guts for at least 6 rebuilds kicking around here. I might be able to manage…
-
Saturday 13th January 2024 22:43 GMT Lord Elpuss
The critical word here is 'latency'. Meaning: it's ridiculously easy, and secure, to have a backup of older data that doesn't change very much, and that you have tons of time to recover it. If this were the only consideration, ransomware would cease to exist as a viable vector for extortion.
It becomes several orders of magnitude more complex when your data changes rapidly, and/or you need access to it in anywhere near realtime. Now, it's simply not possible to "offsite it to an SD card, I know not where".
-
Monday 15th January 2024 09:42 GMT Peter2
disc to disc to tape.
As in, back up the original files using a reputable backup program to a disc only accessible on the server running backups and not accessible to the sort of moron who runs ransomware. This grants immediate access to the files should they be required. (down to instant restore using programs like Veeam) Then transfer those files to tape for offsite storage, just in case somebody burns the office down etc.
Also, set either a software restriction policy or applocker policy for normal users that prevents any executable program (eg, .exe, .bat, .etc) from running outside of %program files%, which will summarily prevent anybody from actually infecting your systems in the first place as it becomes impossible to actually run the things.
-
-
-
Thursday 11th January 2024 07:31 GMT Securitymoose
Doesn't anyone do backups anymore?
Back in the day, a rolling backup was essential, with daily, weekly, monthly and yearly tapes all in rotation. With the availability of cheap storage in the terabytes or cloud facilities, there is no excuse for not having adequate provision. Ransomware? Just roll back to the previous working copy. Yes, you might lose a few days work, but this can be rebuilt if you have adequate short term records (you do have, don't you?). You can then track the breach and deal with it, if you haven't already. The application of a red hot poker to various parts of the perp will ensure it doesn't happen again.
-
Friday 12th January 2024 13:43 GMT I could be a dog really
Re: Doesn't anyone do backups anymore?
All well and good - says I as my overdue backup is grinding away in the background.
But from what I've read, some of the cleverer ones encrypt files and install software that will decrypt them on the fly. So you don't know you've been done until days/weeks/months down the line. I guess if they are clever enough for that, they'll have considered backups and you'll find your backups contain the encrypted versions. In that situation, you might have to go back some time to good backups - if you have them that old - and that may well be old enough that you might as well not bother (business wise).
-
-
Tuesday 16th January 2024 02:01 GMT doublelayer
Re: Doesn't anyone do backups anymore?
You have a binary extract the file to a temporary location and execute it there. I'm not sure I understand why you're asking this, though. The malware that encrypts backups isn't running inside the backups, but interceding between the backup process and the storage media and writing something different to the media. That program is not in the tar file, but gets to write its own tar file, possibly including a copy of itself in case the operators simply restore everything in there to the server.
-
-
-
-
Thursday 11th January 2024 13:25 GMT CorwinX
There's two aspects to this...
... that need to be addressed separately, though at the same time.
The first is all your drives have been encrypted. If you don't have adequate nightly backups using a method that can't itself be attacked then tough shit. Sucks to be you.
If you do, then suck it up, wipe every single drive and restore from the backups.
Secondly, is data exfiltration - your systems are fine but the crooks have got away with sensitive data. Aside from blocking the hole the rodents used it's not an IT problem anymore, it's a political one.
As I've mentioned before, given the eye-watering amounts involved I'd be balancing the costs of the ransom against the cost of engaging the services of a specialist rodent exterminator.
-
Thursday 11th January 2024 13:43 GMT CorwinX
Re: There's two aspects to this...
If that seems a bit extreme then note that these funts have started attacking hospital and other healthcare systems.
It's almost certain they've got blood on their hands.
There was a time when they "ethically" steered clear from hospitals and only went after corporations.
Seems that time has passed.
-
-
Saturday 13th January 2024 22:50 GMT Lord Elpuss
Re: There's two aspects to this...
"Well the Zionists bomb hospitals..."
No they don't, and didn't. It's easy being a PoS shill until you bounce up against somebody who actually has genuine firsthand experience of what you're pretending happened.
Now isn't there a "protest" in London you need to be attending?
-
Sunday 14th January 2024 02:12 GMT xyz123
Re: There's two aspects to this...
Hamas pretended that hospital had been hit. They themselves blew up a large bomb in the car park and murdered 6 Palestinians to strew their body parts around the hospital grounds so they could blame Israel.
Over 1/2 the supposed "strikes" Israel is blamed for turn out to be Hamas murdering their own people to stage fake "atrocities".
-
-
-
-
Thursday 11th January 2024 18:01 GMT Tron
My artistic erotica is secure.
Not so bothered about the rest.
Individuals generally aren't the target. The cheapest option is to be secure in the first place. Keep all your goodies on an intranet that can never be accessed from the public internet. Two screens on every desk. And make regular backups of anything that might get pinched. The distributed model would have users retaining their own data on their own machines, like a permanent cookie, so would be inherently more secure.
If you do get done, add enough on to the insurance claim to pay for a hit squad in whatever third world toilet your hackers reside, and tick the boxes for a video, prolonged torture and loss of testicles. A million bucks will pay for a hit in Russia, China or North Korea. After all the hassle of getting your system back up, seeing those responsible disassembled the old fashioned way in high def will be most enjoyable.
-
Friday 12th January 2024 13:48 GMT I could be a dog really
While I can see the thought processes behind some of the ... "more extreme" ... suggestions above for punishment, I really can't work my way to thinking anything like that is justified or justifiable. There really comes a point where you are becoming no better than the scum responsible for ransomware and other such misery.
TL;DR Please some of you read what you've written and think about what that really means.
-
Saturday 13th January 2024 01:25 GMT Michael
Laziness is
Hmm, this is the register. Are you aware that people troll for fun?
Also, who doesn't have backups that they test regularly? Fuck you bad guys, I'll restore from backup, lock down your entry method and apologise to my customers with a month's free access and get on with life. If I can't recover in less than 3 hours I haven't designed the system correctly.
I expect my team to be able to recover in that time without any effort. Admittedly every time we try we discover something wrong on the documentation. Equally we manage it within the three hours.
A backup is only as useful as the procedure to restore it. It is only a valid backup when you test the restore process.
E.g. I remember a fun period during my master's course when both I.T. people responsible for our computers were due to go on holiday in the same week. A mistake that should never have been allowed. The solution was to appoint two students to work in I.T. for a week to provide cover. Actually I think they started before they left and finished after they returned. Being ignorant of how things worked and terrified of the I.T. professionals they went out of their way to test everything they did during that week. It was made clear that everything they did would be tested, verified and they would be held responsible for every mistake.
Holiday over, the I.T. team returned in trepidation. What had broken? What did they have to do to fix everything? The students had discovered the backup scripts pointed to a server that didn't exist and failed silently. They pointed it to a valid server and set email alerts on failure. They created scripts to recover systems and tested it. They upgraded all the Solaris servers to the latest versions which had been an issue until that point.
Then they installed the tape decks and verified the backups worked and documented the recovery process.
I.T. were so terrified that anyone would notice what the students had achieved that we got away with anything on the network that year. Network gaming was no longer banned and we had outstanding games against staff and students. The students learned a very important lesson. Test your bloody scripts regularly, then get someone else to check your scripts regularly and be certain you can recover from disaster.
Simply put, don't pay up, pay ahead and test your backups and know you can recover from an attack. It isn't difficult, it is what you get taught as an apprentice, as a student and as a professional. Don't be a lazy arsehole.
-
-
-
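Added example, not part of any commenter's post: a restore test of the kind the comments above call for, which fails loudly when a backup job produced nothing (the silently failing script) and flags restored files that no longer match what was backed up (the encrypted-backup case raised earlier in the thread). The function names, the manifest format and the 7.5 bits/byte threshold are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold, tune it for your own data

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Map relative path -> SHA-256, recorded when the backup is taken."""
    manifest = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            manifest[os.path.relpath(path, root)] = sha256_file(path)
    return manifest

def verify_restore(restored_root, manifest):
    """Return [(path, problem)]; empty means passed. Entropy only labels a hash mismatch."""
    if not manifest:  # a job that backed up nothing must not count as success
        return [("<manifest>", "empty manifest: backup job produced nothing")]
    problems = []
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            problems.append((rel, "missing from restore"))
        elif sha256_file(path) != digest:
            with open(path, "rb") as f:
                sample = f.read(65536)
            cause = "high entropy, possibly encrypted" if entropy(sample) > ENTROPY_LIMIT else "content changed"
            problems.append((rel, cause))
    return problems

if __name__ == "__main__":
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()  # constructed sample data
    with open(os.path.join(src, "ledger.csv"), "wb") as f:
        f.write(b"id,amount\n1,100\n" * 500)
    manifest = build_manifest(src)
    with open(os.path.join(dst, "ledger.csv"), "wb") as f:
        f.write(os.urandom(65536))  # stands in for an encrypted copy
    print(verify_restore(dst, manifest) or "restore verified")
```

Run the verification on a clean machine separate from production, restoring from the backup media itself, and treat any non-empty result as a failed backup that raises an alert.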
Saturday 13th January 2024 17:02 GMT Ideasource
Probably an unpopular opinion.
If you grow too big for your britches you become the biggest target.
It seems fair to me that those that game higher success through social renown in the commercialized world fall by the same lack of discretion and restraint.
Stay small and discreet or expose yourself as the bigger treasure pot to plunder.
Helping to provide overturn and prevent entrenchment.
Those who climb higher encourage ever larger more sophisticated attacks through their visibility.
This seems to be basic natural Dynamics maintaining independent of human fantasy.
Is anybody actually surprised?
-
Sunday 14th January 2024 02:10 GMT xyz123
One day even though it's illegal a ransomware group will target the wrong company, and they'll hire hitmen to murder the hackers and their entire families as a warning to others.
It's not legal in any sense, but it's 100% going to happen. You don't make enemies of very very rich powerful shareholders without taking the life of your loved ones into your hands.
-
Sunday 14th January 2024 16:30 GMT Joe Dietz
A one time payment is nice, but what we need is a recurring revenue stream...
Ransomware is a business, not a tactic. The trend in this business is towards 'Surprise backups' of victim data. Ransom isn't quite the right word; blackmail is more like it.
Imagine you have gained control over a law firm, it has many people's secrets in their files and a professional obligation to protect those secrets. You could 'sell' a onetime license to the law firm so they can avoid using their backup.... Or you could sell an _annual_ subscription service of not telling others about all of their secrets. Any MBA will tell you that the recurring revenue is better... and so much harder to defend against.