Isn’t it more like saying the bank should be responsible for the money inside of it?
You put things into it and you expect to take the same things out
Ransomware gang extorts jet maker Bombardier
- Thread starter Bill-Higdon
- Start date
Help Support HomeBuiltAirplanes.com:
You put things into it and you expect to take the same things out
rv7charlie
Well-Known Member
The criminals are rarely, if ever, inside the USA; they're typically in countries with weak/nonexistent laws related to their activities, and often where there's no extradition treaty, anyway. Add to that the factor that some are actually state actors (meaning they're creating a revenue stream for their government), and enforcement options are virtually nonexistent.
A friend of mine ran IT for a company with multiple offices scattered across multiple states, with remoted backups scattered around, etc. They *all* got hit when a clerk clicked on a single pdf attachment that appeared to be an invoice from one of their vendors. Took them literally weeks to clean it up. The connected environment makes us vulnerable.
It would seem that the costs for this (ransom, data recovery, defense) are now just accepted and passed on to consumers or users. The crime works, and is apparently worth the risk and trouble.
It will decrease when it gets harder (better defenses) or riskier (better law enforcement). I think better defenses are the more promising road, and that will happen when customers demand (and are willing to pay for) hardware, software, and procedures that are truly more secure and remain secure.
The fact that ransom payments are made is part of the problem. The payer may get his data back, but he has increased risk and costs for everyone else.
It will decrease when it gets harder (better defenses) or riskier (better law enforcement). I think better defenses are the more promising road, and that will happen when customers demand (and are willing to pay for) hardware, software, and procedures that are truly more secure and remain secure.
The fact that ransom payments are made is part of the problem. The payer may get his data back, but he has increased risk and costs for everyone else.
This problem is what mercenaries were invented for.
BJC
BJC
I wonder if insurance would help or hurt? Concentrating the pain to a few well capitalized insurers might prompt them to marshal the resources to take concerted action (certify hardware, software, procedures. Maybe offer bounties...). Or, maybe it could make things worse if potential victims could count on being made whole in case of attack.
Insurance always raises total cost.
BJC
BJC
Agreed. There's no doubt that insurance premiums exceed paid claims-- somebody is paying for those office buildings, TV commercials, and dividends. On the other hand, insurers have proven to be effective at reducing losses in some cases to the net benefit of entire industries. The standardized testing and analysis done by Underwriters Laboratory (UL) is widely credited with improving safety of electrical appliances and fixtures, the IIHS has helped advance vehicle crashworthiness, etc. I wonder if anyone with skin in the game is testing and certifying hardware, software, and procedures relevant to ransomware and IT system security.
The history of Somali piracy may have useful parallels and lessons applicable to ransomware. It was a raging problem for five years, then it was extinguished. More here.
