Ransomware gang extorts jet maker Bombardier

Homebuilt Aircraft & Kit Plane Forum

Help Support Homebuilt Aircraft & Kit Plane Forum:

Pilot-34

Well-Known Member
Joined
Apr 7, 2020
Messages
1,298
Location
Most of me is in IL but my hearts in Alaska
That's like saying the person who invented banks should reimburse for all bank robberies. Guy who invented cars should pay for all car thefts. Yadda, yadda, yadda. You get my point.
Isn’t it more like saying the bank should be responsible for the money inside of it?
You put things into it and you expect to take the same things out
 

rv7charlie

Well-Known Member
Joined
Nov 17, 2014
Messages
1,889
Location
Pocahontas MS
As long as our government would go out and prosecute and bring these criminals to justice folks might opt not to pay the ransom.
The criminals are rarely, if ever, inside the USA; they're typically in countries with weak/nonexistent laws related to their activities, and often where there's no extradition treaty, anyway. Add to that the factor that some are actually state actors (meaning they're creating a revenue stream for their government), and enforcement options are virtually nonexistent.

A friend of mine ran IT for a company with multiple offices scattered across multiple states, with remoted backups scattered around, etc. They *all* got hit when a clerk clicked on a single pdf attachment that appeared to be an invoice from one of their vendors. Took them literally weeks to clean it up. The connected environment makes us vulnerable.
 

Vigilant1

Well-Known Member
Lifetime Supporter
Joined
Jan 24, 2011
Messages
6,796
Location
US
It would seem that the costs for this (ransom, data recovery, defense) are now just accepted and passed on to consumers or users. The crime works, and is apparently worth the risk and trouble.
It will decrease when it gets harder (better defenses) or riskier (better law enforcement). I think better defenses are the more promising road, and that will happen when customers demand (and are willing to pay for) hardware, software, and procedures that are truly more secure and remain secure.
The fact that ransom payments are made is part of the problem. The payer may get his data back, but he has increased risk and costs for everyone else.
 

Vigilant1

Well-Known Member
Lifetime Supporter
Joined
Jan 24, 2011
Messages
6,796
Location
US
I wonder if insurance would help or hurt? Concentrating the pain to a few well capitalized insurers might prompt them to marshal the resources to take concerted action (certify hardware, software, procedures. Maybe offer bounties...). Or, maybe it could make things worse if potential victims could count on being made whole in case of attack.
 

Vigilant1

Well-Known Member
Lifetime Supporter
Joined
Jan 24, 2011
Messages
6,796
Location
US
Insurance always raises total cost.


BJC
Agreed. There's no doubt that insurance premiums exceed paid claims-- somebody is paying for those office buildings, TV commercials, and dividends. On the other hand, insurers have proven to be effective at reducing losses in some cases to the net benefit of entire industries. The standardized testing and analysis done by Underwriters Laboratory (UL) is widely credited with improving safety of electrical appliances and fixtures, the IIHS has helped advance vehicle crashworthiness, etc. I wonder if anyone with skin in the game is testing and certifying hardware, software, and procedures relevant to ransomware and IT system security.

The history of Somali piracy may have useful parallels and lessons applicable to ransomware. It was a raging problem for five years, then it was extinguished. More here.
 
Top