back to article I don't care what your eyeballs tell you. Alternative fact is, we've locked up your files

Two in five large UK businesses have fallen victim to a "bluff" ransomware attack, according to a new survey. "Bluff" ransomware attacks involve cybercriminals falsely claiming that malicious software has successfully infected an organisation's network before demanding an extortionate payment in return for the "encryption key …

  1. ntevanza

    The Tr*** Attack

    Your country is burning, and only I can put out the fire. Your eyeballs are wrong,

    Who copied whom here??

  2. Mephistro Silver badge
    Unhappy

    If I had to make an educated guess...

    I'd say that the ransom message was sent to some clueless management bod, who decided to pay discreetly without discussing the issue with their IT department. Either that or the IT department was crap*.

    "A fool and his money..."

    * either because of underfunding/ understaffing (from my experience, the most common cause) or the IT dept. consisting in a bunch of noobs.

    1. Doctor Syntax Silver badge

      Re: If I had to make an educated guess...

      "Either that or the IT department was crap"

      Or in another country, assuming it existed at all.

    2. Yet Another Anonymous coward Silver badge

      Re: If I had to make an educated guess...

      No because they reported it to the Police.

      A much worse explanation is that some clueless management bod asked IT, IT said the files were fine.

      But CMB then held a meeting with other managers, lawyers and digital-cyber-compliance-facilitator-resources and somebody asked who was willing to put their job on the line to guarantee that the files were fine, or should they just pay with the company's money?

      All of us who remember replacing systems in 1999 that didn't have anything to do with dates, because we couldn't get a certificate form the manufacturer proving that the vacuum cleaner was Y2K compliant.

      1. Terry 6 Silver badge

        Re: If I had to make an educated guess...

        You just brought back a nightmare.

        My boss paying a fortune of our limited budget, (like every one else) to have computers Y2K tested. Most of which machines that were not networked, and had no system critical data, and were of little value. Because a bunch of executive level table decorations let themselves be panicked by a few vested interests into thinking that every bit of kit had to be Y2K compliant. Machines that could easily have been tested for free by turning them on on the 2nd January and seeing what happened.

  3. adam payne Silver badge

    "Cybersecurity initiatives, such as No More Ransom, were also kept in the loop but less than a quarter (24 per cent) of the affected businesses shared that information with customers, partners and suppliers."

    Not sharing that information with customers, well that's a huge shock. ;)

  4. 2+2=5 Silver badge
    Alien

    It's a conspiracy I tell you...

    Perhaps they're just hoping that they'll randomly get someone who has already been attacked by ransomware and will either pay the bluffers instead of the real ransomers by mistake, or simply pay twice?

    Obligatory Internet conspiracy: Of course, if the bluffers were somehow to know who the targets were in advance (perhaps by having sold the mailing list to the criminals originally?) then their success rate would be a lot higher.

  5. Frank Bitterlich
    WTF?

    Wait a second...

    Either I'm totally ignorant to the level of stupidity of mankind, or there's something missing.

    "Almost two-thirds (61 per cent) of targeted organisations paid out a ransom as a result..."

    I'm sorry, but I can't believe that. Do you want to tell me that if I send an email to a number of (large) businesses telling them that their files are gone, less than half of them bother to actually check before paying out 5-digit sums?

    There has to be another element to this type of fraud, some way in which the attackers cause the mark to believe that something actually happened (such as internal knowledge of the organisation or such.)

    I know that way too many gullible people live on this planet, but not on that level.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wait a second...

      I looked at that and thought, here we go, another loaded survey.

      I once conducted a survey and found 95% of parents are female. It was an unbiased study of people coming to a parent and baby coffee morning conducted on a Wednesday.

      1. Teiwaz Silver badge
        Coffee/keyboard

        Re: Wait a second...

        Hilarious - So, did you get a marketable qualification out of that, or were you merely working for Mothercare at the time?

    2. Mephistro Silver badge
      Thumb Up

      Re: Wait a second...

      When I read the article, for some unknown reason (;-), I was reminded of "hypnotist bank robbers".

      Of course, I reckon that the notes content is probably along the lines of "Give me the dough and you'll find your 50% in a discreet envelope pushed under your door tomorrow morning." o_0

    3. harmjschoonhoven
      Holmes

      Re: Wait a second...

      Reality is even simpler. Crooks send credible invoices for goods and services which are completely imaginary to large organisations and enough get paid - no questions asked - to make this a profitable business.

  6. Doctor Syntax Silver badge

    "There has to be another element to this type of fraud, some way in which the attackers cause the mark to believe that something actually happened"

    If this happened when the great Windows 10 mugging was in progress that might have been enough. Alternatively they have a real virus which renames everything with a .crypto suffix.

  7. Teiwaz Silver badge

    I am reminded of General Melchett...

    "Security is not a dirty word"

    1. MrT

      Re: I am reminded of General Melchett...

      Melchett: Now, I've compiled a list of those with security clearance, have you got it Darling?

      Darling: Yes sir.

      Melchett: Read it please.

      Darling: It's top security sir, I think that's all the Captain needs to know.

      Melchett: Nonsense! Let's hear the list in full!

      Darling: Very well sir. "List of personnel cleared for mission Gainsborough, as dictated by General C. H. Melchett: You and me, Darling, obviously. Field Marshal Haig, Field Marshal Haig's wife, all Field Marshal Haig's wife's friends, their families, their families' servants, their families' servants' tennis partners, and some chap I bumped into the mess the other day called Bernard."

      Melchett: So, it's maximum security, is that clear?

      Blackadder: Quite so sir, only myself and the rest of the English-speaking world is to know.

      IoT security strategy in a nutshell!

  8. Oengus

    Reminds me of

    This reminds me of the Irish Virus.

  9. paulnick2

    sadly we can expect hundreds of ransomware attacks in the future too!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019