Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Security

The Government is Getting Fed Up With Ransomware Payments Fueling Endless Cycle of Cyberattacks 104

With ransomware attacks surging and 2024 on track to be one of the worst years on record, U.S. officials are seeking ways to counter the threat, in some cases, urging a new approach to ransom payments. From a report: Ann Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece, that insurance policies -- especially those covering ransomware payment reimbursements -- are fueling the very same criminal ecosystems they seek to mitigate. "This is a troubling practice that must end," she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.

Zeroing in on cyber insurance as a key area for reform comes as the U.S. government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded -- nearly half targeting U.S. organizations -- suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023. Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay the ransom and potentially incentivize future attacks or refuse and risk further damage.

For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. "In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom," said Paul Underwood, vice president of security at IT services company Neovera. "However, after making that statement, they said that they understand that it's a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations," Underwood said.
This discussion has been archived. No new comments can be posted.

The Government is Getting Fed Up With Ransomware Payments Fueling Endless Cycle of Cyberattacks

Comments Filter:
  • Duh (Score:5, Insightful)

    by dark.nebulae ( 3950923 ) on Friday October 18, 2024 @11:20AM (#64874741)

    The only folks not fed up with it are the criminals that are getting paid.

    • Uncle X told me that in the 1980s car insurance companies would buy used car seats and used T-Tops to replace ones which were stolen.

      That setup a thriving market for people to steal a car, steal the seats out of it, steal the T-Tops and sell them to a junk yard.

      The junk yard would then sell them to the insurance company.

      It took about 2 years for insurance companies to figure out that buying used parts only enabled the theft in the first place. The insurance companies stopped buying used parts and bought on

    • Many businesses don't care because getting stung by it is cheaper than having proper security and backups. Plus, ransomware has better quality software and tech support than almost anything else in the tech sector.

  • I've seen a few kidnapping movies in my time and I can't understand why ransoms aren't outlawed (unless they are, and the movies pretend otherwise). I guess the government wants to make sure that people keep talking to the police?
    • Re: (Score:2, Flamebait)

      No.We have to leave it up to the free market. The invisible hand will provide us all with optimal solutions. Government should get involved.

      Right?! =D [ROTFL]
    • Re: (Score:2, Insightful)

      by DarkOx ( 621550 )

      because it would just make criminals of people who are already victims.

      Imagine someone had your kid and was demanding money. Would say welp, sorry paying you would be illegal? No nobody would do that. They'd figure out how to pay and deal with the consequences later. -Worse they'd pay and then many likely would help hide the entire crime from the authorities not wanting to get into legal hot water themselves. It would make the problem worse.

      • How about we hire educated police instead of community college educated children, and have them actually fight actual crime?

        • Right, require PHD in psychology to be a cop. Our real problem are educated bigots who think they know everything because they knew the right answers on the SAT test. The reality is that education has almost nothing to do with police work.
      • because it would just make criminals of people who are already victims.

        Does your insurance pay off if your unlocked car, parked with all the windows open gets stolen?

  • by cellocgw ( 617879 ) <cellocgw&gmail,com> on Friday October 18, 2024 @11:23AM (#64874751) Journal

    It's strictly illegal for corporations to pay bribes or kickbacks to facilitate their business operations. Congress could easily extend those laws to make paying ransom illegal as well.

    • Insurance (Score:4, Insightful)

      by JBMcB ( 73720 ) on Friday October 18, 2024 @11:28AM (#64874775)

      The proper place to fix this is with insurance. To get business insurance to cover this stuff, you should have to prove you have a proven, tested and audited recovery plan.

      • by Anonymous Coward
        Or have a strict published policy of not paying ransoms. Alternatively, paint a target on your company, and get what you've payed for.
        • Or have a strict published policy of not paying ransoms.

          That's how you either 1.) lose customers to another insurance company who is not that strict, or 2.) play the shell game where the customer hires a consulting firm to "reverse engineer" the ransomware and "extract the key", which is a highly skilled process costing...1.5X the ransom, conveniently, since all that happened was that the consulting firm paid the ransom and is making money for their service of enabling the client to collect on the insurance payout.

          • by dargaud ( 518470 )
            Easily prevented by auditing any such consulting firm. Make paying ransomwares punishable by prison time.
      • Re:Insurance (Score:5, Insightful)

        by postbigbang ( 761081 ) on Friday October 18, 2024 @12:15PM (#64874919)

        Insurance will climb until it's not payable any more, look at FL for examples.

        Instead, using intelligence to set up outside-US IP address databanks and watch where they go, and what they do, is a solution.

        Having fast backups and a business continuity plan is a solution.

        Looking for big globs of data being heisted/exported/movements is a solution. Think of it as Data Customs.

        Increasing liability for posting your certs on git/hub is a solution.

        Criminal penalties for fiduciary irresponsibility is a solution.

        And there are many more, and the US Congress has too many business bribing it to take action or take on responsibility for insane errors, no business continuity plans, and just being responsible for data with asset value.

        Insurance is NOT the answer. Curing the problems is the answer.

      • by lsllll ( 830002 )

        you should have to prove you have a proven, tested and audited recovery plan.

        If you have all that, then what do you need insurance for? For your downtime?

        • by ukoda ( 537183 )
          Yes, that is what the insurance should be for, and only that. Such insurance should be relatively cheap since money would no longer be going to criminals.
        • It's simple pareto. A good recovery plan will get you through 80% of potential issues. Insurance is there for the 20% your recovery plan can't cover. You get back up but Crowdstrike takes everything back down. Your IT department all quits at the same time.

      • by ukoda ( 537183 )
        Define 'Fix'. If insurance is used to pay a ransom that is not a fix, and it should be a crime as it will only lead to more victims. Any insurance fix should be limited to recovery and covering losses where a victim deals with the problem, without giving a single cent to criminals.
      • So you are saying the fix is to just inflate the price of everything just like retailers do to cover theft and credit cards do to cover theft.. Quite frankly I am tired of indirectly funding the fucking criminals.
        • by JBMcB ( 73720 )

          What's a better return on your investment if you are a company - spending the time and money on a reliable disaster recover plan, or paying out a ransom?

      • Re: Tax Impact (Score:4, Insightful)

        by 0xG ( 712423 ) on Saturday October 19, 2024 @12:52PM (#64877669)

        Most insurance premiums - and the payments to blackmailers - are legitimate business expenses. So they are deducted from revenue, and not taxed.
        Make them non-eligible and they will need to be paid with profits (rather than gross revenues).
        Then you will see a big change in behaviour.

    • Re: (Score:2, Interesting)

      by Brain-Fu ( 1274756 )

      When criminals hack hospital equipment and literally hold the lives of patients in their hands, you think the right thing for the hospital to do is just let their patients die and say "sorry, blame the criminals?"

      When they could instead pay the ransom and save lives?

      (Same goes for when people's children are kidnapped).

      Simply making ransom-paying illegal is actually very morally questionable.

      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday October 18, 2024 @01:29PM (#64875145) Homepage Journal

        Allowing hospitals to have shit security is unsustainable.

        There is such a thing as a write only database. Nobody should be able to erase anyone's critical records.

        It should be illegal to run a hospital without competent security. Solve the problem at the supply side.

      • by ukoda ( 537183 )
        Wrong. Have you wonder why USA hospitals are top priority for targeting? It is because they pay, its not like it cost the hospital much, they simply pass on the cost to patients. Contrast that with when a hospital was taken down with ransomware in New Zealand. It probably cost lives but it was a dumb move and has never happened again because it was impossible for the criminals to get paid. Sure, it caused weeks of disruptions while services were slowly recovered, but the criminals didn't get a single c
        • by Brain-Fu ( 1274756 ) on Friday October 18, 2024 @02:51PM (#64875401) Homepage Journal

          It is because they pay,

          It's also because hospitals and medical devices have awful security. And it's not because the state-of-the-art in online security just isn't good enough to fend off criminals, it's because the administrators and manufacturers are all too cheap to apply them. They cut those corners, and people die because of it.

          Simply making ransom-paying illegal is a serious "punish the victim" approach, and it will cost people their lives. Instead, make regulatory changes that will require hospitals, medical devices, and everyone in the supply/support chain, to use actual good security practices.

          That is the right solution, morally and practically.

          • by ukoda ( 537183 )
            Yes, punish the victim, because by paying up they just made things worse for everyone else. They got hacked, I feel bad for them, but how they respond matters. Having decent security protection is important but all it does is move you down the list of targets. Total security is impossible, you should strive for it, but have a plan for when it fails. That plan should not be pay up and give the attackers more resource and motive to attack others.

            While "punish the victim" approach may seem unfair it wil
            • I really think you would change your tune if you were drowning in your own blood on a hospital bed while hackers demanded money to turn the power back on, so the doctors could save your life.

              If you were conscious you might even offer to pay part of the ransom yourself rather than die a slow and agonizing death.

              And if it was YOUR kid, who you loved very much, that kidnappers were holding for ransom...a ransom that you could totally afford to pay....are you just going to let them murder your child instead? "

              • by ukoda ( 537183 )
                I'm in New Zealand, so that is not going to happen. We have only every had one ransomware attack on a hospital here, no ransom was paid because it impossible for a hospital here to pay a ransom. There has never been an attack since because there is no money to be made.

                No I'm not heartless, the ransom of an individual is a different story, you have few options, but commercial ransomware attacks are different, you have options.

                In your "I really think you would change your tune if you were drowning in
    • by sodul ( 833177 )

      IINAL

      AFAIK, it is only a bribe if you think the money will go to a government official. While some of these hackers are working for the benefit of hostile countries they are not 'officials' and are not covered under anti-bribery laws, at least from my understanding under US law.

      To me the main problem is that the folks that are in charge of deciding how much effort and cost is put in security practices are never personally liable for what should account to willful negligence. In practice these folks will jus

    • by jabuzz ( 182671 )

      If we could get the combination of the G7 and the EU to make paying a ransomware carry a jail term for the board members along with band on being on board for the next 20 years and also anyone aware of the ransomware being paid for not reporting it get jail time, the practice would go out of fashion very quickly. Under those terms nobody is paying the ransom and if you can't make money there is no point to the practice.

    • What do you do when a hospital has a choice between paying ransom and letting patients die?

  • The fix is easy (Score:4, Insightful)

    by rsilvergun ( 571051 ) on Friday October 18, 2024 @11:24AM (#64874757)
    just make it illegal to pay the ransom. Companies have calculated good security costs more than paying the ransoms. The only fix to that is to fine them more for paying the ransoms than not.

    But we don't actually treat white collar corporate crime like a crime, let alone have enough white collar cops (aka "bureaucrats") to enforce it if we did.
    • The fine would have to be big enough to also take away the business incentive of paying the ransom. Usually paying the ransom is much cheaper than trying to rebuild what was lost, if not saving the company outright.

      Fines won't help, the risk to the company for paying a ransom should simply be the shutdown and closing of the company - make paying ransoms a choice they simply can't make.
      • by DarkOx ( 621550 )

        Oh yeah punish the victim. This type of thinking is exactly why I am as anti-government as I am.

        The thing to do is punish the criminals. Make crimes involving ransons carry a mandatory minimum of 50 years with no option for parole or early release! Make the damn State Department make it clear to our so called allies that if they permit cyber ransom operators to collect remittances, and operate the will face diplomatic consequences, trade sanctions, embargoes, possible military incursions and special opera

        • by abulafia ( 7826 )

          The thing to do is punish the criminals. Make crimes involving ransons carry a mandatory minimum of 50 years with no option for parole or early release

          Because as we all know, longer sentences solve crime. If you still have crime, you haven't made them long enough yet.

          Here in the real world, the vast majority of these players are in jurisdictions that don't give a shit about your law. Now what?

          Oh yeah punish the victim

          If you cannot competently manage your systems, you should not be building piles of s

        • Yes, exactly. Punish the "victim". It's fair, because in this particular case, it's not just a victim. It's both a victim AND a perpetrator's accomplice. Aiding and abetting a felon has its consequences.

      • by ukoda ( 537183 )
        Or make it jail time for whomever authorises payment to the criminals. See how many corporate employees are ready to do jail time for a quick fix that passes costs on to customers.
    • There are laws making it illegal to solicit bribes, to commit fraud, falsify records, or not do the work. And yet, all of the above, and more, keeps happening.

      • by ukoda ( 537183 )
        Sure, but the amount of bribes, fraud and falsify records are a fraction of what they would be if was legal. Just because laws get broken does not mean they don't have a meaningful effect.

        The proof is in how rare ransomware attacks are on target with no legal way to pay criminals, such as organizations run directly by governments.
    • by gweihir ( 88907 )

      Indeed. And do not just fine the company. Lock those up that made the decision to pay.

    • Companies have calculated good security costs more than paying the ransoms.

      Exactly the quote I got working part time at regional hospital. They'd had multiple visits from the FBI for data breaches, and forced network reorganizations to "mitigate" issues in the future.

      They still said that they'd pay the ransom and push the cost onto their patients (who's data had been stolen for the upteethtime) because it's cheaper than doing proper backups.

      The free market has decided that the safety and well being of the general public isn't profitable enough. These corporate clowns aren't g

    • by jabuzz ( 182671 )

      A fine won't work. What will work is a minimum jail term of 12 months for the C-levels and a ban on holding a C-level position for the next decade if a ransom is paid. Also jail time say six months minimum for anyone aware the ransom was paid who didn't report it to the FBI. Now nobody is paying the ransom period.

  • THEN MAKE IT ILLEGAL TO PAY THEM. If there's a zero chance you're getting paid in a certain country, you're not going to attack that country for money. It's that damn simple. Oh noooo, irreplaceable data! You're sunk without it. FUCK YOU! Ggo out of business, you morons. Sincerely, a better IT technician in a better prepared IT department at a better company.
    • It is illegal, but it is TRIVIALLY (pardon the all caps) easy to get around.

      Company A considers security to have no ROI, gets hacked and ransomwared.

      Company A hired offshore firm "B", pays them the cost of the ransom plus a percentage fee.

      Hired offshore form "B" pays the ransom.

      Company A gets their decryption keys.

      ?????

      Profit on all areas, because the ransom will get charged off, the offshore consulting company gets a bonus, and the guys in North Korea get money for more troops to send to Russia, and more m

      • by ukoda ( 537183 )
        With a properly written and enforced law then paying company 'B' would still be treated as paying the ransom. It doesn't need to be 100% enforcable to have an effect, and you can keep closing loopholes as we do with other laws.
        • If company "B" is offshore, then enforcing it becomes an international effort, and with many countries it just won't be bothered with. The loophole is trivial. Pretty much all big US businesses offshore anyway, so having ransom "taken care of" by this method is easy.

          • If the company "A" is not offshore, then it still can be audited. And when it becomes clear that it was ransomwared, yet somehow got the decrypting key by unclear means, there will be hard questions to be answered. And a hell to pay.

            • I hope you are right. I've never seen an incident where government prevailed over the private sector in all the time I've been in IT, other than maybe some lip service to regulations, be it pinky promises, POA&Ms which had more high fantasy in them than anything Tolkien or Piers Anthony could ever make, stupid tricks like powering off Windows machines when the auditors were scanning, or whatnot.

              The -only- industry I've worked in where regs were taken as more than a laughing stock was the film industry.

    • by gweihir ( 88907 )

      I completely agree. This crime financing has to stop. I expect that a few CEOs behind bars will serve nicely to stop this mess.

  • First up, why do ISPs not give an option to just blanket block e-mails and even connections from other regions? If you want to allow them, your ISP can have settings to open up connections from various places, but for the majority of people and companies, are you doing business from Nigeria, or even for smaller businesses, if you aren't involved or interested in doing business outside of your own country, wouldn't you feel safer if your ISP were just blocking all traffic from other countries? I know tha

    • by ceoyoyo ( 59147 )

      "We can set up firewalls ourselves as well"

      Yes you can. Leave the ISP out of it. They're annoying enough already.

      • Bringing the ISP in as an active censor means that whatever IP group can then tell the ISP to block what they feel like a la SOPA/PIPA. Once some process is in place, even if is intended only for uses in emergencies, that "emergency" tier bar always lowers and lowers to "that person pirated a song" or even "that person blocked an ad" tier.

        • by ceoyoyo ( 59147 )

          You're thinking too small. The OPs particular suggestion was blocking all foreign traffic. "Wouldn't you feel safer if your ISP were just blocking all traffic from other countries?"

          North Korea does that, for very specific reasons.

  • by bleedingobvious ( 6265230 ) on Friday October 18, 2024 @11:57AM (#64874857)

    Seriously. I have over 200 Digital Ocean/Azure/AWS/etc IP blocks already and it continues to grow.

    With cloud automation, it's trivial to spin up infrastructure, spew the campaign, grab the necessary then simply dissolve it all.

    Cloud vendors have to become part of the defense-in-depth solution or we will remain farked.

  • by Pinky's Brain ( 1158667 ) on Friday October 18, 2024 @12:12PM (#64874911)

    Just sanction all crypto exchanges. The moment the US cuts off crypto from the financial system it's dead and ransomware with it.

    Ransomware solved. Gigawatts of power saved. Win win.

    • by gweihir ( 88907 )

      For that you would have to get rod of some no honor, no brains politicians and their followers. I do not see that happening.

  • If it's infrastructure, don't connect it to the internet.

    If it's internet connected business hardware/software, 3-2-1 backups, and a real capable on staff administrator.

    If it's lifesaving must-be-connected-to-save-the-life gear, keep a spare on-hand and disconnected.

    If it's consumer IOT lightbulb vacuum washing machine surveillance silliness, make better buying decisions in the future.

    It's crazy how this is still such a problem. I've personally guided multiple business through ransomware infections. It's no

    • Maybe the ideal is going back to the idea of air-gapped networks with data diodes, so data can go out, like logs and analytics, but nothing comes in. We had this in the past where companies really didn't want to connect all their secret stuff to the Internet so any Joe in any country could guzzle their data.

      What needs to happen is that operating systems need to get better at running in offline mode. Red Hat does this well, and Ubuntu is decent. Windows... who knows. No cloud connections, no constant tel

  • by rtkluttz ( 244325 ) on Friday October 18, 2024 @12:19PM (#64874933) Homepage

    I used to run the IT security program at a large multinational business that dealt with a really nasty chemical. The fact that we dealt with that chemical forced us to be brought under the Homeland Chemsec level 2 tiered site and we had to submit to audits by Homeland security. The auditing that audited us said I did the best on the initial audit of any company they had ever audited. The ONLY things that I got dinged on, I had proof that I had attempted to put in place but got over ridden by executive levels. Simple things like PC lockdowns that existed on every other machine in the org but fucking entitled execs refused to allow to happen to their own machines. Things like delivery times and every PC that had data that showed deliveries, storage, personnel all had to be very tightly controlled. Executive levels were privvy to that and had it on their laptops. We got dinged for it in the audit, but NOTHING HAPPENED with of any substance. Executive levels are the WORST security issues in most companies and no one does a thing about it. Security teams warn them. Nothing. External audits... nothing. Security really isn't as hard as people make it out to be. A 100% whitelist based system where nothing new works and everything has to be vetted and approved in advance actually makes IT security fairly simple and cheap. It's only when you have to cater to employee "happiness" that things go off the rails. In IT security, happiness is irrelevant. Configure every single machine in the company to be able to do the pre-defined and assigned job function and anything other than that should fail and you can have cheap and simple security system. But that never happens fully because employee happiness is a consideration above security and that should NEVER be the case.

    • by gweihir ( 88907 )

      Security really isn't as hard as people make it out to be. A 100% whitelist based system where nothing new works and everything has to be vetted and approved in advance actually makes IT security fairly simple and cheap.

      I agree. Those that get hid usually did ignore the problem. In case of the C-levels, often in hopes of a bigger bonus. I essentially see that as fraud against the company these days.

      It's only when you have to cater to employee "happiness" that things go off the rails. In IT security, happiness is irrelevant.

      That one I disagree rather strongly with. People need to be able to work with minimal hassle. Or they start to circumvent security measures. That means that getting something to run must be easy, denials by IT must be clear and make sense and generally, user support must be good. For example, if a user wants "insecure product xy

      • You misunderstand. WORK should work. With no hassle. Anything NOT related to work should not. Every web page, every piece of software, every permission should be tailored to the absolute bare minimum to get the job done and not one single thing else. I don't give a fuck if the employee or executive is unhappy that they can't install software or visit a web page to get sports scores.

        • by gweihir ( 88907 )

          Ah. Well, I agree on "other" software. I do not agree on that "bare minimum".

        • I do wonder why we need web browsers for internal apps at all. We don't need to go back to 3270 interfaces, although those, in a lot of cases, worked extremely well. However, something that is very basic that one can arrange fields, and highly responsive to combat user frustration. In general, an app frontend that runs on the endpoints is going to be a lot faster and more useful than a browser, just because browser code is so poorly written and bloated in general. It would be nice to have a UI-lite with

    • It is not just IT. Most leaks of confidential information are at the executive level. Get a few drinks into one and he will start boasting about all the neat stuff his companying is doing. Fortunately, many of them know so little about what is really going on that they cannot really leak anything critical.
  • The fuckers that pay did try to go cheap before and basically asked for it. There really is no sane way to see these organizations as "victims" at this time. They are perpetrators that make things worse, nothing else.

  • It needs to be decided and voted on by Congress, not an unelected bureaucracy.

    • Congress is lobbied by big Corp. First things would be make lobbying illegal so that the congress critters will actually vote in their constituent's best interests. Then get term limits so that fresh eyes are always in the system instead of career politicians.

      But really, paying blackmail is already illegal...
      • Lobbying is too broad a thing to make illegal. It encompasses legit activity such as writing your Congressperson. The right to petition the government is literally a part of the First Amendment.

        What you need to target is the appearance of quid pro quo--the funding. Also, the authorship of bills by organizations, ie, Congress subbing out their jobs to special interests. The devil is in these details, because the very people who could intelligently figure out how to do it are...

        ...people with experience

        • Apologies, lobbying by anything not a US citizen. If one US citizen wants to align with corporate interests that is fine as long as they don't use corporate funds to bribe congress, or any funds directed at a member of the government in general.

          If you need to be in the government more than 10 years to accomplish something then why are you there? The world is evolving faster and faster, government needs new blood instead of the old boys club that remains in place to line their friend's pockets.
          • OK, I think we're pretty much on the same page regarding non-individuals lobbying, although there's a distinction to be made between things like AARP as opposed to Chevron. With modern technology, there's an argument to be made that you don't need non-profit advocacy organizations either because they could (in theory) mass-filter emails from individuals or something to get an aggregate opinion of what retirees really think, as opposed to AARP's reps. Not picking on AARP in particular, just using it as an

        • I think you could start by outlawing corporate political contributions as de facto quid pro quo while we re-examine the whole notion or corporate personhood.

          Maybe some problems with political PACs, but those should be under strict disclosure laws anyway and can be considered seperately.

          Billionaires of course are still free to spend their own money in defense of their political causes, but no more raiding the corporate kitty as if it were sentient to exercise free speech as some shell game.

  • Just start up BuSab, Frank Herbert's bureau of sabotage, only have it attack domestic businesses. Of course, it would provide the victims (and after a delay everyone else) with details on how it successfully attacked with what should have been done to prevent that, and it wouldn't exploit customer data, just prevent the company from having access to it. And, it would attack relentlessly, so that no company could afford to continue operating with shitty security. Additionally, continue with fining companie
  • If you incentivize criminals to steal that they would keep doing it. You paid them, they should stop right? Is that how that works?
  • That will force companies to make sure they have proper backups, which is the correct solution to a ransomware attack.
  • by Vegan Cyclist ( 1650427 ) on Friday October 18, 2024 @03:00PM (#64875415) Homepage

    Isn't it illegal to give money to enemies of the state?

    If those paying ransoms are funding enemies of the state, aren't they committing federal offenses?

    Not an American, so maybe have this mixed up...but that's my impression.

  • The devil on my shoulder is telling me to start spreading cryptolocker malware and then not sending the unlock key after payment. I'll make businesses across the country safer (in the long run) while also getting rich!

  • Let me suggest that the problem is people are a busing the internet by using it for things it is not capable of securely supporting. As long as you are connected to the internet you are going to be vulnerable. The answer is to get off the internet. Demanding a 100% security is impossible but the more valuable the service you offer the bigger the reward from ransomware. You aren't going to pay $1000 ransom because your kids phone is bricked.
  • ...so you can weaponise them in your fight against witnesses, whistleblowers, journalists, politicians and activists.... or whatever country is the latest victim of your out of control foreign policy. how many times does it take them being used before responsible behavior becomes the norm?

    have watched the sheer idiocy of the policy evolve over the decades, and it's clear that 'surveil everything' has taken precedence over 'secure everything'.

  • Enabling criminals by giving them what they want causes an increase in crime !

    News at 11 :|

  • ...bring back drawing and quartering? I mean just for hackers? Huh? We could sell tickets...

  • ... whatever it takes to get back to operations ...

    Making a profit is more important than wearing the consequences of poor IT management. Corporations can aid and abet criminals in a way that ordinary people can't. Time to remember, taxes from ordinary people fund this policy of, pretend 'people' don't have to obey the law.

  • To wit: "Men are not hang'd for stealing Horses, but that Horses may not be stolen. Of Punishment. Malice is of a low Stature, but it hath very long Arms." The prospect of a long prison term or the noose clarifies intentions in all but the worst in that way.

If all else fails, lower your standards.

Working...