They found that one!
Fire up the others.
China-backed spies are said to have torn down their own 260,000-device botnet after the FBI and its international pals went after them. The botnet was controlled by the somewhat misnamed Integrity Technology Group, a Chinese business whose chairman has admitted that for years his company has "collected intelligence and …
It's absolutely insane that the FBI is allowed to participate in paying ransom.
It's time to stop the ransomware and criminalize the payments. You can't arrest a botnet operator in China, but you can arrest a CEO whose company paid. Stop the payments, end the profits, and you stop the ransomware.
And to those idiots who like to whine "it's more complicated than that" - No, it isn't. Ransomware is about money. Stop the money, make paying a crime, and the problem WILL go away. It IS that simple.
Just like kidnapping.
It was made a crime to pay a kidnapper's ransom, result: no more kidnappings for ransom in the US.
Do the same with ransomware. When there is no more money to be made, the only attacks left will be those of state actors who have other interests in mind (my how that sounds better <shudder>).
It's time to stop the ransomware and criminalize the payments. You can't arrest a botnet operator in China, but you can arrest a CEO whose company paid. Stop the payments, end the profits, and you stop the ransomware.
If you ban crypto, you have stopped the payments.
Nowadays it would probably be an unfortunate Glovo or Doordash guy with instructions to pick an item in place A and drop it in place B, with baddies watching if he's picked up by the police. Make enough transfers like that and the money bag would be swapped mid-travel by an insider. Or have I seen too many movies :)
We're pretty lax on the myriad of Chinese companies who dump insecure and unsupported devices onto our markets. You could even argue that they're doing this on purpose to facilitate hacking by the Chinese government.
Linux isn't that hard to secure if you know what you're doing. The fact that these companies are unwilling to make the effort and we're not doing enough to punish them leads to the situation we're in now.
If you work in this type of business you'll know that the priority of marketing -- management, in other words -- is adding new features. We all know as users that we'd far rather have fewer features and more testing to improve reliability and harden against bugs and threats but advocating this falls on deaf ears. There's nothing to suggest that a Chinese company is no different from an American one so I'd guess that rather than them working to some carefully thought-out Machiavellian plan to subvert the universe they're just like us -- a rough and tumble environment where the priority is always getting 'the latest' out as quickly and cheaply as possible.
I've been at the center of this on more than one occasion at more than one company. There are never any resources for fixing legacy code so the pressure is just to slap the same old IP stack in that we've always used, the one that 'mostly' works 'most' of the time. It doesn't help that maintenance is seen as a low caste job, something that's relegated to second line workers and juniors while the superstars are busy creating new stuff (and invariably leaving a trail of 'not quite finished' code in their wake).
Our government is at fault too for not punishing these companies for releasing blatantly insecure software on their devices. My advice would be to ban such companies from selling their wares for 5 years on our markets (NAFTA, EU).
And it's not about features either. There's a minimal and I would say almost trivial amount of work you need to put in to secure these devices. These companies willingly refuse to do so.
This is what happens when a COMMUNIST country is building all of those devices with SLAVE LABOR and has intimate knowledge of their inner workings... and a pattern of EXACTLY this kind of nefarious behavior, from violation of I.P. to outright criminal activity (like THIS).