A third of Brits would cough up £300 to ransomware peddlers

More than four in 10 ransomware victims in the UK have paid to recover their documents, with 31 per cent of users willing to pay up to £400. A poll of 500 found 44 per cent of all ransomware victims in the UK have paid to regain access to their data. Two-thirds (67 per cent) of respondents had correctly associated ransomware …

  1. Alister

    "While victims are usually inclined to pay the ransom, we encourage them not to engage in such actions as it only serves to financially support the malware’s developers. Instead, coupling a security solution with minimum online vigilance could help prevent any unwanted ransomware infection."

    So he's saying, Don't pay the ransom, instead, don't get infected...

    That's really not much help to those already caught, is it?

    Most commentards here know better than to get caught out by a ransomware attack on their personal computers (well I hope so anyway), and take precautions against any malware.

    For the rest of the population though, the chances are high that some numpty is going to click on the wrong email attachment at some point.

    1. LucreLout
      Mushroom

      For the rest of the population though, the chances are high that some numpty is going to click on the wrong email attachment at some point.

      Yes, yes they are. I think we should accept that premise.

      The article states "More than four in 10 ransomware victims in the UK have paid to recover their documents, with 31 per cent of users willing to pay up to £400."

      If we could cut off the scummers' funding such that there was no money in deploying it, I think it reasonable to assume most, though not all, of it would simply go away. With that in mind, I wonder what would happen if we criminalized payment of the ransom?

      Obviously in some cases there would be great hardship caused, possibly loss of life if medical records become involved. I expect the scummers would go bust within a few months, were payment barred globally, because they'd move on to some other (hopefully less damaging) scam. That sort of analysis was something Worstall was good at; I wonder who El Reg has to lift that mantle now, and if they'd be interested in commenting?

      Or we could nuke them from orbit: It's the only way to be sure.

    2. Anonymous Coward

      "While victims are usually inclined to pay the ransom, we encourage them not to engage in such actions as it only serves to financially support the malware’s developers. Instead, coupling a security solution with minimum online vigilance could help prevent any unwanted ransomware infection."

      The second sentence is not an alternative to the first. It is the same as:

      We encourage people never to call the fire brigade. Instead, smoke detectors could help prevent a serious fire.

  2. Anonymous Coward

    So a third of Brits ..

    .. have absolutely no problem with exacerbating the issue. If it makes easy money, more criminals will start doing it. It's basically the same problem as kidnapping for ransom, which got so bad in countries that they saw no better solution than to impose the death penalty.

    I'm going off on a tangent here, but this is one of the reasons why you don't want unregulated money flows such as Bitcoin. I know it's all wonderful that you create something that nations *allegedly* have no grip on, but it pretty much instantly became a conduit for money laundering and an anonymity shield for criminal activity. I bet Western Union is pissed off too..

    1. Lysenko

      Sacrificing your data will make an incremental (but unquantifiable) contribution towards eliminating the future threat to others.

      That is the same proposition as mass vaccination with the proviso that vaccination is mostly safe and protects the recipient whereas refusing to pay is totally unsafe[1] and dooms the data of the person doing it.

      I'm fairly sure that if you crunch the numbers there is no business case for refusing to pay. Population level altruism is rarely (if ever) a valid strategy ... if it were, creatures with diseases like smallpox would have evolved to self destruct as fast as possible to contain the infection.

      [1] Rational ransomgits will behave with total integrity post-infection so there is no doubt that payment = data restored. They will keep the price low enough to out compete alternatives (simply calling out an engineer for an opinion probably costs >£400).

      1. Anonymous Coward

        [1] Rational ransomgits will behave with total integrity post-infection so there is no doubt that payment = data restored. They will keep the price low enough to out compete alternatives (simply calling out an engineer for an opinion probably costs >£400).

        1 - assuming "integrity" (or even rationality) of someone who just took your data ransom is both naive and stupid.

        2 - you may have unlocked your data, but that doesn't mean you have removed the infection.

        1. Lysenko

          I'm not assuming it...

          ...I'm observing that selection pressure forces things in that direction.

          Welching on your "customers" is bad business as it reduces future earnings. It will also incur the wrath of colleagues in the same industry, some of whom have associates fond of "direct action".

          Evolving rational and efficient strategies at industry level doesn't require morals, just competition among serious crooks and the elimination of anarchists in it for the "lulz".

    2. Kurt Meyer

      Re: So a third of Brits ..

      Catalin Cosoi, chief security strategist at Bitdefender, commented:

      "...Instead, coupling a security solution with minimum online vigilance could help prevent any unwanted ransomware infection."

      So, business as usual then?

    3. Anonymous Coward
      Thumb Down

      Re: So a third of Brits ..

      .. have absolutely no problem with exacerbating the issue.

      No. A third of Brits are unwilling to throw themselves underneath a train for someone else's benefit.

  3. Peter Gordon

    Backup, people!

    If you value your data, back it up.

    Which reminds me. I must get around to backing up my data at some point.

    1. Anonymous Coward

      Re: Backup, people!

      Unless you have a long enough backup cycle, that won't help either. These crooks are smart enough to wait a while until they activate the code, in which case you may find your backups may not help much either.

      I wonder, however, if restoring with a changed system clock and no connectivity would help, but I much prefer to keep my system clean instead. Once you get used to decent security it becomes routine.

      1. VinceH

        Re: Backup, people!

        "Once you get used to decent security it becomes routine."

        Agreed.

        However, the problem with decent security - no matter how routine - is its price: reduced convenience. I find the average person prefers things being more convenient to more secure. This is as true in the physical world as the digital one.

        1. Prst. V.Jeltz Silver badge

          Re: Backup, people!

          a little education is free and convenient.

          Just learn not to click on shit in the hope it is what you asked for.

          if you asked for gforce.zip and got downloderhelper.exe - ABORT!

          turn your file extensions on (god knows why this isn't default)

          learn to look where links are pointing at

          think "have i even entered the lottery?"

          it's basic basic stuff, in fact i'm struggling to think of attack vectors.

          How do these civvies get themselves infected? (famous last words. touch wood :] )

          short of 0 day drive-bys just "use your head".

          don't click on dregs of the internet click bait entitled "world's *blank*iest *blank*" or "top 10 blah blah"

          and i suppose, at a pinch, for extra peace of mind you could install AVG or Avast, or go crazy and pay for one.

          1. VinceH

            Re: Backup, people!

            "How do these civvies get themselves infected?"

            Because until they get hit, we can advise them until we're blue in the face about how to keep their systems clean and secure - they don't see the value in it.

            Plus, some people just don't want to learn.

        2. Anonymous Coward

          Re: Backup, people!

          However, the problem with decent security - no matter how routine - is its price: reduced convenience. I find the average person prefers things being more convenient to more secure. This is as true in the physical world as the digital one.

          I agree with you. Thankfully we also do business continuity (that deals with the WHOLE business, not just IT). Once you've gone through a scenario that shows the inconvenience of being without a job as the company has folded, most people get the point. It needs reinforcing every so often, but they do grok this if you make it sufficiently personal...

    2. Anonymous Coward

      Re: Backup, people!

      I back up to the cloud

      Oh wait.........

    3. Anonymous Coward

      Re: Backup, people!

      In my case, anything of value (TB's) is living on a disconnected, wired, wireless-free, self-contained network. Excepting the odd job, fixed income here and can't manage to pay the Dane-geld. There must be quite a few too poor to pay people out there, we don't seem to be hearing about it yet. Definitely something I should investigate, especially as I'm networked with our local news reporters.

  4. This post has been deleted by its author

  5. Zog_but_not_the_first
    Boffin

    More to the point...

    How many people who have paid the ransom go on to "disinfect" their computer to remove the risk of a repeat performance? As a totally unscientific guess I bet most would run a couple of anti-virus scans and leave it at that. The alternative - fresh OS and program installation on a new disk? - probably doesn't merit a thought. Even then, how could you be sure the critter wasn't lying low somewhere in your data?

    1. DropBear
      Joke

      Re: More to the point...

      "Even then, how could you be sure the critter wasn't lying low somewhere in your data?"

      Well, real pros not only reinstall fresh after any infection, but also change architecture, just to be sure: x86 -> ARM -> MIPS -> Z80 -> custom CPU built in Minecraft -> etc...

  6. 's water music

    ongoing cost of paying

    Presumably by paying up, you self identify as a good bet for further fraud

  7. Doctor Syntax Silver badge
    Facepalm

    Useful market research for the baddies!

  8. Rol

    White hat hack

    If there are people out there, that still haven't got the message, then I think it's time to send them another message, which again they would ignore, but this one has a payload.

    Infect their machines with a benevolent virus, one which goes through their machine, closing all the obvious open doors, putting admin privileges far out of their reach and changing the desktop wallpaper to always have the words, "THIS COMPUTER WILL SELF DESTRUCT IF YOU DO NOT BACKUP EVERYDAY"

    1. LucreLout

      Re: White hat hack

      @Rol

      Maybe we could enhance that into an automated and very public shaming with full disclosure of which weaknesses were closed and how long they've been well known.
