Will ransomware incidents decrease now that ransomware operators are being arrested?
Sort by:
The thing that the North Carolina Attorney General has in common with Russians is that the incentives work in a similar way. If you have a particular set of outcomes you're incentivized to achieve, or if you're trying to prevent that from a leadership position, the mechanics are broadly the same.
The somewhat perverse incentive is that the telcos profit off these calls. They’re charging for every call that's connected. The common refrain is, "It’s way too complex." But Verizon will not let billions of calls go through if they can’t get reimbursed for them. The telcos don't have an incentive to stop this because they're making money.<br><br>https://brothke.medium.com/the-fcc-telecoms-know-robocalls-can-be-stopped-now-you-can-know-that-also-5503461b764c
Ransomware incidents might decrease a bit in the short term following arrests, but not in the long term because it's a successful business model. When people think about ransomware, they sometimes miss the fact that it started off as malware — it was about going after someone’s personal documents. That's how people started to think about it, but the deeper aspect is that it's monetizing stuff that's otherwise very difficult to monetize.
I could deny access to something that's useless to me and can’t be resold, but it's valuable to the owner — that is a business model for the attacker. It's still relatively novel and we don't have a clear picture of how to deal with the economics of that. Most cybersecurity economics are around credit card numbers, PII or PHI, all of which you can sell elsewhere, and ransomware is almost the opposite of that. We’re not too far into figuring out the effect that this difference in economic incentive has on the behavior of the adversary, and then the behavior of the defender.
That's a good point: the data they get is only valuable to you. They're not going for important patent-level engineering secrets or something.
You see these ransomware operator takedowns and arrests time after time, but it's a blip on the radar. The ransomware operators come back rebranded or a different crew takes over. I don't think these arrests are going to change the ransomware landscape by any measurable amount in the long run. There's too much money in it.
Earlier this year, the Attorney General of North Carolina sued a company called Articul8 to stop robocalls. Articul8 is a two-man operation out of Dallas. The lawsuit was meant to improve public relations by showing that he’s doing something to fight these things, but if you truly want to stop robocalls, that’s not how you should do it. It can be done, but it starts with telcos like Verizon, AT&T, Sprint or T-Mobile. Instead he's suing this company, which has about $1M revenues, for hundreds of billions of dollars. I’m not comparing the Attorney General of North Carolina to the Russians, but it goes to show that a lot of this is just theater; it’s not meant to address the problem.
https://brothke.medium.com/how-to-stop-robocalls-in-an-hour-and-it-has-nothing-to-do-with-articul8-9a33fcb553f2